ethereum / ethereum-org-website

Ethereum.org is a primary online resource for the Ethereum community.
https://ethereum.org/
MIT License
5.06k stars 4.81k forks source link

Suggest a tutorial: Scam Tokens 101 #9495

Closed qbzzt closed 1 year ago

qbzzt commented 1 year ago

Tutorial title

Scam Token 101

Tutorial description

In this tutorial the reader learns many of the tricks used by scam tokens (tokens that pretend to be other than what they really are) to appear legitimate, how those tricks are implemented, and how to identify them.

  1. Naming
  2. Ownership by legitimate entities (how to fake it and how to create it legitimately)
  3. Transfers supposedly from legitimate sources (fake events and fake allowances that allow for real transfers)
  4. Rejecting transfers for a scammy UI

Tutorial tags

scam solidity erc-20

Skill level

Beginner

Hosted on ethereum.org or hosted elsewhere?

Hosted on ethereum.org

For tutorials to be hosted on Ethereum.org: Tutorial Content

  1. ERC-20 contracts and why they are abused
  2. Pretending to be legitimate
    1. Naming
    2. Real owners for the fake token
  3. Transfers from legitimate sources
    1. Fake `Transfer` events
    2. Fake allowances for real transfers
  4. How scammers direct users to their own UI

For tutorials hosted elsewhere: URL to tutorial

No response

konopkja commented 1 year ago

Hey @qbzzt this is certainly an important topic! Looking at the proposed structure it looks more like an explanatory article than a tutorial/guide on how to perform a set of actions. Can you confirm this or provide clarification?

qbzzt commented 1 year ago

I think it would be most readable if I make it a tongue in cheek "this is how you'd commit fraud" article, with an introduction that explains why I'm doing it like that.

If you'd rather I wrote it as an exploratory article, I'll be happy to do that - where in the site would you want it?

konopkja commented 1 year ago

this topic would be vital for beginners who might be tempted to invest in unknown altcoins in hopes of a quick buck, especially during the bull craze phase.

I can see it being useful as a set of clear instructions or checklists with an explanation on how to evaluate whether a specific token is a scam or not or as an explanatory article. It would be mostly in our learn section of the website and also mentioned on the scam prevention and security page.

qbzzt commented 1 year ago

This isn't so much about investing in altcoins, as it is attempting to invest in legitimate coins, but being suckered. I assume it would go under https://ethereum.org/en/guides/#security-basics.

I work for Optimism. Is it OK if I use our token as an example (showing people who tried to clone it, what they did, etc.)? Assuming Optimism approves, of course.

konopkja commented 1 year ago

it is ok to use optimism as an example, but bear in mind this section of the website is meant for beginners. It is intended to be an actionable, practical guide on performing a set of actions step by step with a minimal theoretical background.

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 45 days with no activity.

konopkja commented 1 year ago

Hello @qbzzt ! Do you still want to work on this issue? the original format you proposed could be under the scam and prevention page as a subpage perhaps.

qbzzt commented 1 year ago

Yes. I finally have some time to breathe, so I'll probably do it tomorrow.

qbzzt commented 1 year ago

I'm working on it now, and I discovered a great (as an example) scam token: https://etherscan.io/token/0xb047c8032b99841713b8e3872f06cf32beb27b82#code . Are you still interested in annotated source code articles? If so, I'll be happy to write one that explains this scam token and how the scam works. It'll be an interesting sequel to the article where I explained legit ERC-20 (https://ethereum.org/en/developers/tutorials/erc20-annotated-code/).

konopkja commented 1 year ago

I'm working on it now, and I discovered a great (as an example) scam token: https://etherscan.io/token/0xb047c8032b99841713b8e3872f06cf32beb27b82#code . Are you still interested in annotated source code articles? If so, I'll be happy to write one that explains this scam token and how the scam works. It'll be an interesting sequel to the article where I explained legit ERC-20 (https://ethereum.org/en/developers/tutorials/erc20-annotated-code/).

it really depends on the goal of the article and its target audience. I do not think code snippets are easy or neccessary for "beginners".

qbzzt commented 1 year ago

Of course not. This would be a developer level article, not a user level guide. It would go under https://ethereum.org/en/developers/tutorials/. It would explore the tricks that scammers play more in-depth. I could write a detailed proposal if you think it might be a relevant article.

On Tue, May 2, 2023, 8:37 PM Jakub @.***> wrote:

I'm working on it now, and I discovered a great (as an example) scam token: https://etherscan.io/token/0xb047c8032b99841713b8e3872f06cf32beb27b82#code . Are you still interested in annotated source code articles? If so, I'll be happy to write one that explains this scam token and how the scam works. It'll be an interesting sequel to the article where I explained legit ERC-20 (https://ethereum.org/en/developers/tutorials/erc20-annotated-code/ ).

it really depends on the goal of the article and its target audience. I do not think code snippets are easy or neccessary for "beginners".

— Reply to this email directly, view it on GitHub https://github.com/ethereum/ethereum-org-website/issues/9495#issuecomment-1532351939, or unsubscribe https://github.com/notifications/unsubscribe-auth/ADBCGGPB772JGKXTIKSROYTXEGZFVANCNFSM6AAAAAAU46VJVM . You are receiving this because you were mentioned.Message ID: @.***>

konopkja commented 1 year ago

I am unsure if tutorials is a good place for this or if this is a good idea in general, would like others to give their opinion. @minimalsm @wackerow @corwintines

qbzzt commented 1 year ago

Lets move the discussion to https://github.com/ethereum/ethereum-org-website/issues/10117

qbzzt commented 1 year ago

The goal is to provide actionable step by step guidance to the users.

There is no standard mechanism by which organizations publish what is the address of their legitimate token, so it would be difficult to do step by step directions on how to avoid a scam token.

Secondly, it assumes a lot of prior knowledge on the user. It is fine as it is for somewhat experienced web3 user, but perhaps a few more explicit modifications could greatly improve the accessibility for novice reader.

I'll add some clarifications this weekend.

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 45 days with no activity.

qbzzt commented 1 year ago

Closed by https://github.com/ethereum/ethereum-org-website/pull/10115