vio-codes / TokenChecks

Perform various checks against tokens on-chain with 0 gas and 0 deployments

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Token Checks for MEV

On-chain checks for common types of smart contract scams. Useful for anyone exploring MEV. See the original TokenProvidence repo for more details on these types of checks. Check them out in /contracts.

This repo is a hardhat-ified and constructor optimized version of OxV19's providence checks. Thanks to DrGorilla for the constructor input to avoid deploying the contracts at all.

I added some basic tests to show how they can be used. Check them out in test/ to see how to use these contracts efficently.

I also added on an example of geth's state override set inspired by libevm's tweet. These are the flashSwap.ts files in test and scripts. These need to be heavily modified to be useful in a production setting, but they serve as an example for now.

Setup

  • cp .env.example .env
  • Fill out the .env file
  • npm install

Tests

  • npm run test

Usage

Checking Tokens using a constructor only contract

  • npm run token <token address>
  • e.g. npm run token 0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48 for USDC
  • e.g. npm run token 0x843976d0705c821ae02ab72ab505a496765c8f93 for some honeypot

Checking Tokens using geth's state override set

  • npm run token <token address>
  • e.g. npm run token-override 0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48 for USDC
  • e.g. npm run token-override 0x843976d0705c821ae02ab72ab505a496765c8f93 for some honeypot

This seems to be the more robust way, so as to avoid intelligent malicious contracts like EvilERC20. Thanks to Ape Dev's tweet and PR for this very sneaky contract.

Flash Swap

There is also a Uniswap Flash Swap example between UniswapV2 and Sushiswap on their ETH<>DAI pairs. Running npm run flash will test the opportunity without deploying any contracts.

Note, this example is unlikely to find an arb as that's a heavily watched pair. Also, the example is:

  • Not gas optimized.
  • Only works one way and tries to get a profit of 1e-18 DAI.
  • Probably not secure enough for production use.

Think of it as a proof of concept to help you learn about flash swaps and usage of eth_call.

Inspired by:

WARNING

Not responsible for any errors which may occur. Use at your own risk.

About

Perform various checks against tokens on-chain with 0 gas and 0 deployments

License:MIT License


Languages

Language:Solidity 51.9%Language:TypeScript 46.4%Language:JavaScript 1.6%Language:Shell 0.0%