| # | Risk Type | Description | JSON key | Severity |
|---|---|---|---|---|
| 1 | Centralized Mint | An external authority can create (mint) new tokens. This can dilute holders and manipulate token supply. | risk_centralized_mint | High |
| 2 | Hidden Fees | The contract includes a fee that’s not clearly declared in transfers. Receivers may get fewer tokens than expected. | risk_hidden_fees | High |
| 3 | Unauthorized Token Approvals | An external authority can approve token transfers on behalf of users. This may allow unauthorized spending. | risk_unauthorized_token_approvals | High |
| 4 | Proxy (Upgradeabl) | Implementation of the contract potentially upgradable: The contract uses the proxy pattern to separate the main address from implementation, with the potential ability to change the main underlying logic. | risk_proxy | High |
| 5 | Selfdestruct | The contract can be destroyed. When triggered, it erases all stored values, including balances. | risk_selfdestruct | High |
| 6 | Centralized Burn | An external authority can burn tokens from user balances. This reduces supply and can affect holder value. | risk_centralized_burn | High |
| 7 | Blacklist | Specific users can be blocked from transferring tokens. This introduces censorship and central control. | risk_blacklist | High |
| 8 | Transfer event amount mismatch | The amount emitted in the transfer event does not match the actual amount of the balance change. This can be used to misguide the blockchain indexers, user-facing applications and end users by showing them inconsistent transfer history and balances. | risk_token_transfer_event_amount_mismatch | High |
| 9 | Cooldown checks | Transfers are subject to cooldown periods or timed delays. This may prevent immediate token movement. | risk_transfer_time_constraints | Medium |
| 10 | Basic Transfer Fee | The contract includes an optional, declared fee on transfers. While visible, it still alters expected amounts. | risk_basic_transfer_fee | Medium |
| 11 | External Call in Transfer | Transfers depend on other contracts. External code can influence whether or how transfers succeed. | risk_external_call_in_transfer | Medium |
| 12 | Balance Manipulation | Balances can be altered using functions outside typical mint/burn/transfer logic. This adds unpredictability to user balances. | risk_balance_manipulation_in_non_standard_functions | Medium |
| 13 | Pausable | An external authority can pause the contract. All transfers or functions may be temporarily disabled. | risk_pausable | Medium |
| 14 | Blockable Transfer | Transfers can be blocked under certain conditions (e.g. large amounts, cooldowns, specific addresses). This can freeze tokens for certain users. | risk_blockable_transfer | Medium |
| 15 | No Transfer event emitted | The token's transfer functions lack transfer event emission, which can cause problems with blockchain indexers and user-facing applications not being able to show the transfer history and balances correctly. | risk_not_emmiting_transfer_event_in_transfer_function | Medium |
| 16 | Approval event not emitted | The token's approve function lacks approval event emission, which can cause problems with blockchain indexers and user-facing applications to show the approval history and state correctly. | risk_not_emmiting_approval_event_in_approve_function | Medium |
| 17 | Whitelist | Transfers are allowed only between approved addresses. This favors certain users and limits token flow. | risk_whitelist | Low |
| 18 | Asset Withdrawal | The contract can move tokens from its balance. Relevant if the contract is expected to hold funds. | risk_excessive_token_withdrawal | Informational |
| 19 | ETH Balance Sweep | The contract can move ETH from its balance. This matters if ETH is sent to the contract. | risk_eth_balance_sweep | Informational |
| 20 | Assembly usage in transfer | The token's transfer functions use assembly code, there is a probability that this can be used to obfuscate the transferring logic. | risk_assembly_usage_in_transfer_function | Informational |
| 21 | Not fully ERC20 compliant | The token's contract does not fully implement all of the ERC20 standard's requirements. | risk_not_erc20_full_compliance | Informational |