Why Trick Me: The Honeypot Traps on Decentralized Exchanges

Decentralized Exchanges (DEXs) are one of the most important infrastructures in the world of Decentralized Finance (DeFi) and are generally considered more reliable than centralized exchanges (CEXs). However, some well-known decentralized exchanges (e.g., Uniswap) allow the deployment of any unaudited ERC20 tokens, resulting in the creation of numerous honeypot traps designed to steal traders' assets: traders can exchange valuable assets (e.g., ETH) for fraudulent tokens in liquidity pools but are unable to exchange them back for the original assets. In this paper, we introduce honeypot traps on decentralized exchanges and provide a taxonomy for these traps according to the attack effect. For different types of traps, we design a detection scheme based on historical data analysis and transaction simulation. We randomly select 10,000 pools from Uniswap V2 \& V3, and then utilize our method to check these pools.Finally, we discover 8,443 abnormal pools, which shows that honeypot traps may exist widely in exchanges like Uniswap. Furthermore, we discuss possible mitigation and defense strategies to protect traders' assets.