In this work we investigate a recently emerging type of scam token called Trapdoor, which has cost investors hundreds of millions of dollars in the period 2020-2023. In a nutshell, by embedding logical bugs and/or owner-only features in the smart contract code, a Trapdoor token allows users to buy but prevents them from selling. We develop the first systematic classification of Trapdoor tokens and a comprehensive list of their programming techniques, accompanied by a detailed analysis of representative scam contracts. We also construct the very first dataset of 1859 manually verified Trapdoor tokens on Uniswap and build effective opcode-based detection tools using popular machine learning classifiers such as Random Forest, XGBoost, and LightGBM, which achieve at least 0.98% accuracy, precision, recall, and F1-score.