Home > Quick > Body

Security Research Institute: Discovered risks in multiple x402 ecosystem projects, including over-authorization, signature replay, and more

clock
2025-11-17 10:37:11
On November 17, the GoPlus Security Research Institute conducted a detailed security risk scan of more than 30 x402 projects and community warning risk projects in Binance Wallet and OKX Wallet, and found that the following projects had excessive authorization, signature replay, HonyPot (Pixiu token), and unlimited risk of additional issuance.
FLOCK (0x5ab3): The transferERC20 function owner can extract any number of arbitrary tokens from the contract.
X420 (0x68e2): The crosschainMint function can cast tokens without limit.
U402 (0xd2b3): mintByBond function bonds can be minted without limit.
MRDN (0xe57e): The withdrawToken function owner can withdraw any number of any tokens from the contract.
PENG (0x4444ee, 0x444450, 0x444428): The manualSwap function owner can withdraw ETH from the contract, and the transferFrom function bypasses the allowance check for special accounts.
x402Token (0x40ff): The transferFrom function special account bypasses the allowance check.
X402b (0xd8af5f): The manualSwap function owner can withdraw ETH from the contract, and the transferFrom function bypasses the allowance check for special accounts.
x402MO (0x3c47df): The manualSwap function owner can withdraw ETH from the contract, and the transferFrom function bypasses the allowance check for special accounts.
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.
New Tab Page - Desk3 | Plugin
Stay ahead of the game in the cryptocurrency space.