Create a bounty for impostor tokens (scams)

Hey all,

I traded a small amount of XDAI for Bao tokens on Honeyswap Yesterday, before realising the Bao tokens I was trading for are not bridged from the mainnet and rather minted on XDAI and thus, I assume, a scam. The contract address is as follows > 0x43766080c052d97a8206cccb114f99651e26de61 and there is currently a small XDAI + Bao pool on honeyswap > https://info.honeyswap.org/pair/0x109437f31702f983b798de5032ecb4487422022d which is trading at a different rate to the mainnet (which is what gave me the initial clues).

I know that it is up to me as the user to be smart and make sure the token I am trying to get is the real deal, however it is not as simple process as the mainnet and therefore a lot more likely that innocent honeyswap users could be scammed out of their hard earned HNY. Particularly as a lot of new users are attracted to honeyswap to avoid the ever increasing mainnet fees.

I think it would be great if we could come up with a plan to incentivise 1hive users to find and destroy fake token contracts and thus reduce the dangers of our swap.

I’m not sure the best way to achieve this, but I think something like 1-10 XDAI worth of HNY for each bad contract would be a nice little incentive to help the whole community. I personally would do it for free if I knew the process necessary to flag and remove a token (in fact if someone can explain the options here, that would be great!)

Thanks,
Sam

2 Likes

I made a proposal to just make a live traduction of mainnet ERC20 address to xDai ERC20 address inside the honeyswap interface, maybe should worth it reconsidering

3 Likes

Very good catch. The real BAO token which actually has zero liquidity on honeyswap is 0x82dFe19164729949fD66Da1a37BC70dD6c4746ce

Maybe we can provide the following link somewhere bridged tokens list

3 Likes

Does this mean I would be able to see the mainnet contract of the bridged token within honeyswap? Can you please add a link to this proposal? Sounds like an excellent idea!

Thank you, I took about an hour of researching to learn how to do this. If we can make this information very easy to find for new users then it will certainly help us grow. People will look for only so long before giving up.

Thanks. Sounds like you were onto the same idea as me. I just figured the community bounty model might be easy, since it can be easy to see once you have learned the details and a lot of the 1hive community would find the necessary information easily. I just don’t know where to go from here to get a suspect token liquidity pool removed.

i don’t know that we can or want to really create a bounty around this since anyone can make a scam pair and then just request a bounty for finding a scam they essentially created. Better solution is to provide people with the tools to make the right decision. We can make the token list more visible.

That said maybe there is an automated solution here… we do have the token list, I just went through and populated 75 new tokens (including the correct BAO token) to be added to the list so that may help some. I will leave it up for a bit then create the PR this weekend if no comments.

1 Like

I have concerns over this as well and am wondering if we give better tools or whether we just need to do what uniswap does - flag a warning on tokens that are not whitelisted (so the user acknowledges they know what the hazards are and knows what they are doing).

If there is a bounty I would support a tool generally to check tokens before paying out a bounty on every tom dick and harry imposter as this would just encourage gaming of the system to get bounties by putting up more of these scams. So inherently I am against doing a bounty for finding these. I want a workorder/proposal to create a token checker.

1 Like

Is it possible to display something like a verified badge on a token on honeyswap? I think you would just need a database of token contract addresses and match these

I was thinking we would have someone flag it as a dodgy contract and it goes for review by other users to ensure genuine contracts can’t be targeted. That would limit the likelihood of someone trying to exploit the bounty program. I was also imagining it would be only a small bounty, kind of like returning bottles to the recycling depot for 10c. They aren’t professional hackers showing us critical bugs/exploits, just the everyday user who has a grasp on xdai and blockscout.

The issue I find with this is that a new token can come along and create a lot of buzz, long before uniswap updates to include it on their verified lists. So people tend to ignore these flags in order to get in early. I know the responsibility is always on the user, but the fact that the contract is one step removed from the etherscan address means there is that extra opportunity for scams on honeyswap.