Closed qbzzt closed 1 year ago
This article would link to https://github.com/ethereum/ethereum-org-website/pull/10115, which explains it at the end user level.
@konopkja : I am unsure if tutorials is a good place for this or if this is a good idea in general, would like others to give their opinion. @minimalsm @wackerow @corwintines
qbzzt: I've written multiple tutorials that were annotated source code (https://ethereum.org/en/developers/tutorials/uniswap-v2-annotated-code/, https://ethereum.org/en/developers/tutorials/optimism-std-bridge-annotated-code/) and were very well received, so I think annotated source code is a good way to provide training for medium-skilled level people (they know how to write Solidity, but not what to write and why).
You can argue that teaching people how to scam is a bad idea, but scammer already know these techniques. They are especially motivated to learn them. The people this article will reach are likely to be those that need to write code that deals with potential scams.
good point, if this is written in the style of prevention I am onboard with the idea.
So "some tricks that scammers use and how we can detect them"? That would be a good article to write. I updated the proposal.
In support of this... The existing in-depth contract write-ups you've written have indeed been well-received... @qbzzt I think the outline you provided sounds like a great direction to go, and you should use your judgement. I don't doubt you will, but just encouraging use of language that is strictly educational and for the safety of users with this topic. Obviously by no means are we trying to teach scammers, but instead arm users with the tools and knowledge to stay safe. Look forward to reading it!
@corwintines @minimalsm pls give your perspective as well
Can you tell me if this is approved and I can start working on it?
@corwintines @minimalsm, should I start working on this tutorial?
I am onboard for this as well.
Hey @qbzzt! Sorry for delays on response, but would certainly appreciate this tutorial (keeping mindful of the tone we set as noted in my comment above). Personally really enjoyed the beginner guide you published, and think this would make a great follow up. Will support you working on this at your leisure! 🙏
Sorry for the delay. I'll work on this, but right now I need to change a whole bunch of tests that have :yul
to use the correct fork so they won't compile with PUSH0
for a fork that predates it.
It looks like the detection tricks I thought I came up with don't work :-( . They'd work if certain functions of the scam token were called, but looking at the actual events, it looks like they haven't been.
I'll try to figure a different way to achieve detection.
PR merged into dev
, I think this issue has done its job.
Tutorial title
Some tricks used by scam tokens and how to detect them
Tutorial description
In this tutorial we dissect a scam token to see some of the tricks that scammers play and how they implement them. By the end of the tutorial the reader will have a more comprehensive view of ERC-20 token contracts, their capabilities, and why skepticism is necessary
Tutorial tags
scam solidity erc-20
Skill level
Intermediate
Hosted on ethereum.org or hosted elsewhere?
Hosted on ethereum.org
For tutorials to be hosted on Ethereum.org: Tutorial Content
wARB
is a scam? Why is the source code available?mount
function 2.4. The fake_transfer
function 2.5. The real_f_
function 2.6. The fake events functiondropNewTokens
2.7. Why bothauth
andapprover
? Why themod
that does nothing? 2.8. The burningApprove
function.For tutorials hosted elsewhere: URL to tutorial
No response
Would you like to work on this issue?