Deception
Solidity Attack Vector #9: Honeypot
SecurityInfinity Research
A honeypot is a malicious contract that appears to have a flaw that allows someone to withdraw its funds. However, once an attacker sends funds to 'exploit' it, they find that they cannot withdraw anything.
Common Techniques
1. Hidden Reentrancy Guard: A variable that looks like a normal Boolean but is actually a complex object that always reverts.
2. Hidden State Changes: Using obscure Solidity features to change ownership in the constructor.
Safety
If a contract looks 'too easy' to hack, it's probably a honeypot.
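A source-level triage for the two techniques listed above, as an added example that is not from the original article: it flags guard-like state variables whose declared type is not an elementary type, and every write to `owner` other than `owner = msg.sender` in the constructor. The sample contract, its names (`Vault`, `Flag`, `locked`, `init`), the guard-name keyword list, and the assumption that the ownership variable is called `owner` are constructed for illustration; the regexes are heuristics that point a reviewer at lines to read and do not handle block comments.

```python
import re

# Heuristic patterns; they triage source for manual review, they do not prove intent.
ELEMENTARY = re.compile(r"^(bool|address|string|u?int\d*|bytes\d*)$")
GUARD_NAME = re.compile(r"lock|guard|entered|mutex|reentr", re.I)
STATE_VAR = re.compile(r"^\s*([A-Za-z_]\w*)\s+(?:(?:public|private|internal)\s+)*"
                       r"([A-Za-z_]\w*)\s*(?:=[^;]*)?;\s*$")
FN_HEAD = re.compile(r"^\s*(constructor|function\s+(\w+))\b")
OWNER_WRITE = re.compile(r"\bowner\s*=(?!=)\s*([^;]+);")

# Constructed sample input (not a real deployed contract).
SAMPLE = """
contract Vault {
    struct Flag { bool set; address by; }
    address public owner;
    Flag private locked;
    constructor(address admin) {
        owner = admin;
    }
    function withdraw() external {
        require(msg.sender == owner);
    }
    function init(address a) external { owner = a; }
}
"""

def triage(source):
    """Return (kind, where, detail) tuples worth reading before sending funds."""
    findings, depth, fn = [], 0, None
    for line in source.splitlines():
        line = line.split("//")[0]          # drop line comments only
        if depth == 1:                      # contract level: declarations and headers
            head = FN_HEAD.match(line)
            if head:
                fn = head.group(2) or "constructor"
            var = STATE_VAR.match(line)
            if var and GUARD_NAME.search(var.group(2)) and not ELEMENTARY.match(var.group(1)):
                findings.append(("guard-type", var.group(2), var.group(1)))
        if fn:
            for rhs in OWNER_WRITE.findall(line):
                # Expected case is `owner = msg.sender` in the constructor; report the rest
                if fn != "constructor" or rhs.strip() != "msg.sender":
                    findings.append(("owner-write", fn, rhs.strip()))
        depth += line.count("{") - line.count("}")
        if depth <= 1 and "}" in line:      # function body closed
            fn = None
    return findings
if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

A finding means "read this line before interacting", not "this contract is a honeypot"; legitimate contracts also transfer ownership outside the constructor.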