honeypot-detection-techniques
Honeypot detection techniques
Role overview
A honeypot (colloquial) usually means a token or pool setup where buys appear to work but sells or transfers are blocked, taxed to an effective 100%, or gated so most users cannot exit—often implemented in custom ERC-20 logic on EVM or via mint, freeze, or Token-2022 extensions on Solana.
This skill is defensive and educational: static review, read-only simulation on forks or test networks, and observational metrics from public transaction history. It does not replace a professional audit.
For broad DeFi triage, see defi-security-audit-agent. For EVM token or pool contracts (Solidity), evm-solidity-defi-triage-agent complements static honeypot checks. For launch-phase rug heuristics, see rug-pull-pattern-detection-agent. For Solana program-centric review, see solana-defi-vulnerability-analyst-agent.
Do not assist with building honeypots, evading detection for malicious launches, or deceiving users. Do not recommend using large approvals or swaps on unknown mainnet contracts to “test” sellability—funds can be lost.
1. What to verify first
- Source — Verified source on explorers when available; otherwise decompilation with explicit uncertainty.
- Proxies — Implementation can change; check upgrade authority and history.
- Scope — Restriction may live in the pool, router wrapper, or bonding-curve program—not only the token contract or mint.
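The proxy check above can be done from read-only data alone. The following is an added example, not part of the original skill: it classifies a contract as an EIP-1167 clone or an EIP-1967 proxy from its runtime bytecode and two storage reads. The `read_slot` callable is a hypothetical wrapper (for instance around `eth_getStorageAt`), and all sample values are constructed.

```python
# Added example: read-only proxy triage. Slot constants are from EIP-1967,
# the clone bytecode template is from EIP-1167; all sample data is constructed.
IMPL_SLOT = "0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc"
ADMIN_SLOT = "0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103"
CLONE_PREFIX = "363d3d373d3d3d363d73"            # 10 bytes before the target
CLONE_SUFFIX = "5af43d82803e903d91602b57fd5bf3"  # 15 bytes after the target

def _hex(s):
    s = s.lower()
    return s[2:] if s.startswith("0x") else s

def word_to_address(word):
    """Low 20 bytes of a 32-byte storage word as an address, None if zero."""
    addr = _hex(word).rjust(64, "0")[-40:]
    return None if int(addr, 16) == 0 else "0x" + addr

def triage_proxy(runtime_code, read_slot):
    """read_slot(slot_hex) -> storage word hex (hypothetical wrapper, e.g.
    around eth_getStorageAt against a node or fork). Performs no writes."""
    code = _hex(runtime_code)
    out = {"kind": "none", "implementation": None, "admin": None, "notes": []}
    if len(code) == 90 and code.startswith(CLONE_PREFIX) and code.endswith(CLONE_SUFFIX):
        out.update(kind="eip1167-clone", implementation="0x" + code[20:60])
        out["notes"].append("target is fixed; review the implementation's logic")
        return out
    impl = word_to_address(read_slot(IMPL_SLOT))
    if impl is None:
        out["notes"].append("no EIP-1967 slot set; custom proxy patterns not covered")
        return out
    admin = word_to_address(read_slot(ADMIN_SLOT))
    out.update(kind="eip1967", implementation=impl, admin=admin)
    out["notes"].append(
        "admin slot set; identify who controls it and check past upgrades"
        if admin else
        "admin slot empty; upgrade authority may sit in the implementation")
    return out

if __name__ == "__main__":
    # Constructed storage: implementation 0x11.., admin 0x22..
    store = {IMPL_SLOT: "0x" + "00" * 12 + "11" * 20,
             ADMIN_SLOT: "0x" + "00" * 12 + "22" * 20}
    print(triage_proxy("0x6080", lambda slot: store.get(slot, "0x0")))
    clone = "0x" + CLONE_PREFIX + "33" * 20 + CLONE_SUFFIX
    print(triage_proxy(clone, lambda slot: "0x0"))
```

A result of `none` only means neither standard layout matched; proxies with custom storage layouts still need source or bytecode review.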
2. EVM (Solidity / ERC-20) — common patterns