We investigate in this work a recently emerging type of scam token called Trapdoor, which has cost investors hundreds of millions of dollars in the period of 2020-2023. In a nutshell, by embedding logical bugs and/or owner-only features in the smart contract code, a Trapdoor token allows users to buy but prevents them from selling. We develop the first systematic classification of Trapdoor tokens and a comprehensive list of their programming techniques, accompanied by a detailed analysis of representative scam contracts. We also construct the very first dataset of 1859 manually verified Trapdoor tokens on Uniswap and build effective opcode-based detection tools using popular machine learning classifiers such as Random Forest, XGBoost, and LightGBM, which achieve at least 0.98% accuracy, precision, recall, and F1-score.
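As an added illustration (not code from the paper), the sketch below shows the kind of front end an opcode-based detector needs: it disassembles EVM runtime bytecode, skips PUSH immediates so constant data is not miscounted as instructions, and emits normalized opcode frequencies for a classifier. The choice of frequency features, the function names, the vocabulary and the sample bytecode are assumptions made for this example; the abstract does not specify the paper's feature set.

```python
from collections import Counter

# Subset of EVM opcode names; other opcodes are reported by their hex value.
NAMES = {0x00: "STOP", 0x14: "EQ", 0x33: "CALLER", 0x54: "SLOAD",
         0x55: "SSTORE", 0x56: "JUMP", 0x57: "JUMPI", 0x5B: "JUMPDEST",
         0xF3: "RETURN", 0xFD: "REVERT"}

def opcode_name(op):
    if 0x60 <= op <= 0x7F:
        return f"PUSH{op - 0x5F}"
    if 0x80 <= op <= 0x8F:
        return f"DUP{op - 0x7F}"
    if 0x90 <= op <= 0x9F:
        return f"SWAP{op - 0x8F}"
    return NAMES.get(op, f"0x{op:02x}")

def disassemble(code):
    """Return the opcode sequence, skipping the immediates of PUSH1..PUSH32."""
    ops, pc = [], 0
    while pc < len(code):
        op = code[pc]
        ops.append(opcode_name(op))
        pc += 1
        if 0x60 <= op <= 0x7F:
            pc += op - 0x5F  # immediate length; a truncated final PUSH just ends the loop
    return ops

def opcode_features(hex_code, vocabulary):
    """Normalized opcode frequencies in vocabulary order (assumed feature layout)."""
    if hex_code.startswith("0x"):
        hex_code = hex_code[2:]
    counts = Counter(disassemble(bytes.fromhex(hex_code)))
    total = sum(counts.values()) or 1
    return [counts[name] / total for name in vocabulary]

# Constructed sample: a caller-equals-constant gate that reverts for everyone else.
# The 20-byte constant deliberately contains 0x55 and 0xfd, which a naive byte
# count would report as ten SSTOREs and ten extra REVERTs.
SAMPLE = "0x33" + "73" + "55fd" * 10 + "14" + "601e" + "57" + "6000" + "80" + "fd" + "5b" + "00"
VOCAB = ["CALLER", "SSTORE", "REVERT", "PUSH1"]

if __name__ == "__main__":
    print(disassemble(bytes.fromhex(SAMPLE[2:])))
    print(dict(zip(VOCAB, opcode_features(SAMPLE, VOCAB))))
```

The resulting vectors can be fed to any of the classifiers named in the abstract; the vocabulary would normally cover the full opcode set rather than the four entries used here.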