docs: update classification descriptions (#11)

cryptousersecurity · Jul 25, 2024 · c59093a · c59093a
1 parent 63c3dfb
commit c59093a
Show file tree

Hide file tree

Showing 42 changed files with 6,246 additions and 6,248 deletions.
diff --git a/docs/TRC-001.md b/docs/TRC-001.md
@@ -2,7 +2,7 @@
 # TRC-001 Honeypot
 ## Description
 
-This is a honeypot smart contract sample demonstrating unpredictable behavior when storing a value that exceeds integer limitations.
+A Honeypot token refers to a malicious token smart contract designed to attract users to buy the token but prevent them from selling it. This is achieved through malicious code within the contract, which traps the user's assets, leading to potential financial loss.
 
 ## Risk Samples
 

diff --git a/docs/TRC-002.md b/docs/TRC-002.md
@@ -2,7 +2,7 @@
 # TRC-002 Mintable
 ## Description
 
-Changing the percentage of a position by increasing the balance at a specific address.
+Mintable indicates that the token allows for potential malicious minting. The deployer can continuously mint new tokens, draining the liquidity pool for profit. This can trigger a massive sell-off, causing the coin price to plummet and leading to significant losses for other token holders.
 
 ## Risk Pattern
 

diff --git a/docs/TRC-003.md b/docs/TRC-003.md
@@ -2,7 +2,7 @@
 # TRC-003 OwnershipRetrieval
 ## Description
 
-When Owner permissions are set to a black hole address, it is still possible to fetch owner permissions back to an actionable address.
+Ownership allows adjustments to contract parameters and status, such as minting, slippage modification, trading suspension, and blacklist settings. If the contract's owner cannot be retrieved, is a black hole address, or lacks an owner, these functions are usually disabled. However, these risky functions may be reactivated if ownership is reclaimed.
 
 ## Risk Pattern
 

diff --git a/docs/TRC-004.md b/docs/TRC-004.md
@@ -2,7 +2,7 @@
 # TRC-004 BalanceManipulation
 ## Description
 
-Changes can be made to the user's balance without the user's allowance to achieve a reduction in the percentage of the user's position.
+Tokens with this feature allow the owner to modify anyone's balance, potentially setting it to 0 or enabling massive minting and sell-off. This function generally relies on ownership. If the contract's owner cannot be retrieved, is a black hole address, or lacks an owner, ownership-related functionality is usually disabled.
 
 ## Risk Pattern
 

diff --git a/docs/TRC-005.md b/docs/TRC-005.md
@@ -2,15 +2,13 @@
 # TRC-005 HiddenOwnership
 ## Description
 
-To hide the status of a privileged address, set it to an unreadable address, or to name it using a non-standard method.
+Hidden ownership is used by developers to maintain ownership ability even after abandoning ownership, and is often an indicator of malicious intent. When a hidden owner exists, the ownership has not been abandoned.
 
 ## Risk Pattern
 
 ```solidity
-address superman;
-modifier Superman() {
+modifier superman() {
   require(superman == _msgSender(), );
-  _;
 }
 ```
 

diff --git a/docs/TRC-006.md b/docs/TRC-006.md
@@ -2,7 +2,7 @@
 # TRC-006 SelfDestruction
 ## Description
 
-The contract can be destroyed, resulting in the loss of all functionality and zeroing of assets.
+When the self-destruct function is triggered, the contract is destroyed, making all its functions unavailable and erasing all related assets. This method can also be used to update the contract by replacing it with a new one.
 
 ## Risk Pattern
 

diff --git a/docs/TRC-007.md b/docs/TRC-007.md
@@ -2,7 +2,7 @@
 # TRC-007 ExternalInvocation
 ## Description
 
-Certain functions or logic judgments within the contract rely on external contracts.
+External calls make this contract's implementation dependent on other external contracts, which may introduce additional risks.
 
 ## Risk Pattern
 

diff --git a/docs/TRC-008.md b/docs/TRC-008.md
@@ -2,7 +2,7 @@
 # TRC-008 BlackListFunction
 ## Description
 
-Restrict trading to specific addresses, preventing them from buying/selling, or selling only at a high loss
+The contract owner can add any address to the blacklist, preventing those addresses from trading. Abuse of this function poses significant risks. For contracts without an owner, or if the owner is a black hole address, the blacklist cannot be updated, but the existing blacklist remains in effect.
 
 ## Risk Pattern
 

diff --git a/docs/TRC-009.md b/docs/TRC-009.md
@@ -1,18 +1,20 @@
 
-# TRC-009 FullSaleRestriction
+# TRC-009 WhiteListFunction
 ## Description
 
-Users are unable to sell their entire position all at once. They can only trade a portion as a percentage or retain a certain amount of holdings.
+WhiteListFunction is used to allow specific addresses to make early transactions, tax-free, and unaffected by transaction suspensions. For contracts without an owner, or if the owner is a black hole address, the whitelist cannot be updated, but the existing whitelist remains in effect.
 
 ## Risk Pattern
 
 ```solidity
 function _transfer(address from, address recipient, uint256 amount) internal virtual override returns (bool) {
   require(_balances[_msgSender()] >= amount, );
-  require(_balances(from).sub(amount)>=1*10**18,);
   _balances[_msgSender()] -= amount;
-  _balances[recipient] += amount;
-  emit Transfer(_msgSender(), recipient, amount);
+  uint256 fee = amount.mul(feeRate).div(100);
+  if (whitelist[msg.sender] == ture)
+  fee = 0;
+  _balances[recipient] += (amount-fee);
+  emit Transfer(_msgSender(), recipient, amount-fee);
   return true;
 }
 ```

diff --git a/docs/TRC-010.md b/docs/TRC-010.md
@@ -2,7 +2,7 @@
 # TRC-010 SlippageModification
 ## Description
 
-The transaction tax rate is subject to modification.
+Tokens with modifiable tax allow the contract owner to change the buy or sell tax rates. This can cause losses, especially if the contract allows unlimited tax rate modifications, potentially making the token untradeable. This function generally relies on ownership. If the contract does not have an owner, or if the owner is a black hole address and cannot be retrieved, this function may be disabled.
 
 ## Risk Pattern
 

diff --git a/docs/TRC-011.md b/docs/TRC-011.md
@@ -2,7 +2,7 @@
 # TRC-011 TransferPausable
 ## Description
 
-There is a toggle for trading. When the toggle is turned off, trading is restricted for non-designated addresses.
+TransferPausable allows the contract owner to suspend trading at any time, preventing anyone from selling except those with special authority. This function generally relies on ownership. If the contract does not have an owner, or if the owner is a black hole address and cannot be retrieved, this function maybe be disabled.
 
 ## Risk Pattern
 

diff --git a/docs/TRC-012.md b/docs/TRC-012.md
@@ -2,7 +2,7 @@
 # TRC-012 PersonalSlippageModification
 ## Description
 
-Individual transaction taxes can be set for each address.
+The contract owner can set an extremely high tax rate for a specific address to block it from trading. Abuse of this function poses significant risks. For contracts without an owner, or if the owner is a black hole address, this function cannot be used, but the existing tax rate remains in effect.
 
 ## Risk Pattern
 

diff --git a/docs/TRC-013.md b/docs/TRC-013.md
@@ -1,20 +1,18 @@
 
-# TRC-013 TransactionWhitelisting
+# TRC-013 SaleRestriction
 ## Description
 
-There are certain privileged addresses that are not affected by trading restrictions or the need to pay transaction taxes.
+SaleRestriction prevents users from selling all their tokens in a single sale. Users may be required to retain a certain percentage, such as 10%, or a fixed number of tokens, such as 10 tokens.
 
 ## Risk Pattern
 
 ```solidity
 function _transfer(address from, address recipient, uint256 amount) internal virtual override returns (bool) {
   require(_balances[_msgSender()] >= amount, );
+  require(_balances(from).sub(amount)>=1*10**18,);
   _balances[_msgSender()] -= amount;
-  uint256 fee = amount.mul(feeRate).div(100);
-  if (whitelist[msg.sender] == ture)
-  fee = 0;
-  _balances[recipient] += (amount-fee);
-  emit Transfer(_msgSender(), recipient, amount-fee);
+  _balances[recipient] += amount;
+  emit Transfer(_msgSender(), recipient, amount);
   return true;
 }
 ```

diff --git a/docs/TRC-014.md b/docs/TRC-014.md
@@ -2,7 +2,7 @@
 # TRC-014 AntiWhale
 ## Description
 
-The contract imposes restrictions on the maximum transaction volume or maximum holding amount.
+AntiWhale describes whether the contract limits the maximum transaction amount or the maximum token holding for a single address. 
 
 ## Risk Pattern
 

diff --git a/docs/TRC-015.md b/docs/TRC-015.md
@@ -2,7 +2,7 @@
 # TRC-015 AntiWhaleModification
 ## Description
 
-The maximum transaction volume or maximum holding restrictions can be modified.
+AntiWhaleModification describes whether the contract can modify the maximum transaction amount or the maximum token holding for a single address. For contracts without an owner, or if the owner is a black hole address, this risk may not happen.
 
 ## Risk Pattern
 

diff --git a/docs/TRC-016.md b/docs/TRC-016.md
@@ -2,7 +2,7 @@
 # TRC-016 TradingCooldown
 ## Description
 
-There needs to be a certain cooldown period between two transactions from the same address.
+TradingCooldown describes whether the contract has a trading cooldown mechanism that limits the minimum time between two transactions.
 
 ## Risk Pattern
 

diff --git a/src/TRC-001/metadata.json b/src/TRC-001/metadata.json
@@ -1,7 +1,7 @@
 {
   "id": "TRC-001",
   "name": "Honeypot",
-  "description": "This is a honeypot smart contract sample demonstrating unpredictable behavior when storing a value that exceeds integer limitations.",
+  "description": "A Honeypot token refers to a malicious token smart contract designed to attract users to buy the token but prevent them from selling it. This is achieved through malicious code within the contract, which traps the user's assets, leading to potential financial loss.",
   "samples": [
     {
       "name": "01.sol"

diff --git a/src/TRC-002/metadata.json b/src/TRC-002/metadata.json
@@ -1,7 +1,7 @@
 {
   "id": "TRC-002",
   "name": "Mintable",
-  "description": "Changing the percentage of a position by increasing the balance at a specific address.",
+  "description": "Mintable indicates that the token allows for potential malicious minting. The deployer can continuously mint new tokens, draining the liquidity pool for profit. This can trigger a massive sell-off, causing the coin price to plummet and leading to significant losses for other token holders.",
   "samples": [
     {
       "name": "01.sol"

diff --git a/src/TRC-003/metadata.json b/src/TRC-003/metadata.json
@@ -1,7 +1,7 @@
 {
   "id": "TRC-003",
   "name": "OwnershipRetrieval",
-  "description": "When Owner permissions are set to a black hole address, it is still possible to fetch owner permissions back to an actionable address.",
+  "description": "Ownership allows adjustments to contract parameters and status, such as minting, slippage modification, trading suspension, and blacklist settings. If the contract's owner cannot be retrieved, is a black hole address, or lacks an owner, these functions are usually disabled. However, these risky functions may be reactivated if ownership is reclaimed.",
   "samples": [
     {
       "name": "01.sol"

diff --git a/src/TRC-004/metadata.json b/src/TRC-004/metadata.json
@@ -1,7 +1,7 @@
 {
   "id": "TRC-004",
   "name": "BalanceManipulation",
-  "description": "Changes can be made to the user's balance without the user's allowance to achieve a reduction in the percentage of the user's position.",
+  "description": "Tokens with this feature allow the owner to modify anyone's balance, potentially setting it to 0 or enabling massive minting and sell-off. This function generally relies on ownership. If the contract's owner cannot be retrieved, is a black hole address, or lacks an owner, ownership-related functionality is usually disabled.",
   "samples": [
     {
       "name": "01.sol"

diff --git a/src/TRC-005/metadata.json b/src/TRC-005/metadata.json
@@ -1,7 +1,7 @@
 {
   "id": "TRC-005",
   "name": "HiddenOwnership",
-  "description": "To hide the status of a privileged address, set it to an unreadable address, or to name it using a non-standard method.",
+  "description": "Hidden ownership is used by developers to maintain ownership ability even after abandoning ownership, and is often an indicator of malicious intent. When a hidden owner exists, the ownership has not been abandoned.",
   "samples": [
     {
       "name": "01.sol"

diff --git a/src/TRC-006/metadata.json b/src/TRC-006/metadata.json
@@ -1,7 +1,7 @@
 {
   "id": "TRC-006",
   "name": "SelfDestruction",
-  "description": "The contract can be destroyed, resulting in the loss of all functionality and zeroing of assets.",
+  "description": "When the self-destruct function is triggered, the contract is destroyed, making all its functions unavailable and erasing all related assets. This method can also be used to update the contract by replacing it with a new one.",
   "samples": [
     {
       "name": "01.sol"

diff --git a/src/TRC-007/metadata.json b/src/TRC-007/metadata.json
@@ -1,7 +1,7 @@
 {
   "id": "TRC-007",
   "name": "ExternalInvocation",
-  "description": "Certain functions or logic judgments within the contract rely on external contracts.",
+  "description": "External calls make this contract's implementation dependent on other external contracts, which may introduce additional risks.",
   "samples": [
     {
       "name": "01.sol"

diff --git a/src/TRC-008/metadata.json b/src/TRC-008/metadata.json
@@ -1,7 +1,7 @@
 {
   "id": "TRC-008",
   "name": "BlackListFunction",
-  "description": "Restrict trading to specific addresses, preventing them from buying/selling, or selling only at a high loss",
+  "description": "The contract owner can add any address to the blacklist, preventing those addresses from trading. Abuse of this function poses significant risks. For contracts without an owner, or if the owner is a black hole address, the blacklist cannot be updated, but the existing blacklist remains in effect.",
   "samples": [
     {
       "name": "01.sol"

diff --git a/src/TRC-009/metadata.json b/src/TRC-009/metadata.json
@@ -1,7 +1,7 @@
 {
   "id": "TRC-009",
-  "name": "FullSaleRestriction",
-  "description": "Users are unable to sell their entire position all at once. They can only trade a portion as a percentage or retain a certain amount of holdings.",
+  "name": "WhiteListFunction",
+  "description": "WhiteListFunction is used to allow specific addresses to make early transactions, tax-free, and unaffected by transaction suspensions. For contracts without an owner, or if the owner is a black hole address, the whitelist cannot be updated, but the existing whitelist remains in effect.",
   "samples": [
     {
       "name": "01.sol"

diff --git a/src/TRC-009/pattern.sol b/src/TRC-009/pattern.sol
@@ -1,8 +1,10 @@
 function _transfer(address from, address recipient, uint256 amount) internal virtual override returns (bool) {
   require(_balances[_msgSender()] >= amount, );
-  require(_balances(from).sub(amount)>=1*10**18,);
   _balances[_msgSender()] -= amount;
-  _balances[recipient] += amount;
-  emit Transfer(_msgSender(), recipient, amount);
+  uint256 fee = amount.mul(feeRate).div(100);
+  if (whitelist[msg.sender] == ture)
+  fee = 0;
+  _balances[recipient] += (amount-fee);
+  emit Transfer(_msgSender(), recipient, amount-fee);
   return true;
 }