On November 17, the GoPlus Security Research Institute conducted a detailed security risk scan of more than 30 x402 projects and community warning risk projects in Binance Wallet and OKX Wallet, and found that the following projects had excessive authorization, signature replay, HonyPot (Pixiu token), and unlimited risk of additional issuance.
FLOCK (0x5ab3): The transferERC20 function owner can extract any number of arbitrary tokens from the contract.
X420 (0x68e2): The crosschainMint function can cast tokens without limit.
U402 (0xd2b3): mintByBond function bonds can be minted without limit.
MRDN (0xe57e): The withdrawToken function owner can withdraw any number of any tokens from the contract.
PENG (0x4444ee, 0x444450, 0x444428): The manualSwap function owner can withdraw ETH from the contract, and the transferFrom function bypasses the allowance check for special accounts.
x402Token (0x40ff): The transferFrom function special account bypasses the allowance check.
X402b (0xd8af5f): The manualSwap function owner can withdraw ETH from the contract, and the transferFrom function bypasses the allowance check for special accounts.
x402MO (0x3c47df): The manualSwap function owner can withdraw ETH from the contract, and the transferFrom function bypasses the allowance check for special accounts.
Security Research Institute: Discovered risks in multiple x402 ecosystem projects, including over-authorization, signature replay, and more
2025-11-17 10:37:11
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.
Previous article:
安全研究院:发现多个x402生态项目存在风险,包括过度授权、签名重放等Next article:
大摩坚定唱多美股:盈利强劲支撑牛市 标普500明年料再涨16%至7800点