I built a tool to detect honeypot tokens (ERC20 contracts that let you buy but block selling). It uses 13 regex patterns to scan for tx.origin abuse and other sell-blocking techniques.
*How it works:*
- Fetches verified source code from Etherscan
- Runs pattern matching for common honeypot techniques
- Returns results in ~2 seconds
- Threshold: 2+ patterns = 95% confidence honeypot
*Architecture:*
- Cloudflare Workers for edge computing
- KV for caching (95% hit rate, 24hr TTL)
- 6 Etherscan API keys with rotation
- Supports Ethereum, Polygon, Arbitrum
*Key insight:* Smart contracts are immutable, so aggressive caching works perfectly. This lets the free tier handle high traffic ($0/month).
*Limitations:*
- Only detects sell-blocking honeypots
- Doesn't catch obfuscated code, proxy patterns, or time bombs
- Not a full security audit
*How it works:* - Fetches verified source code from Etherscan - Runs pattern matching for common honeypot techniques - Returns results in ~2 seconds - Threshold: 2+ patterns = 95% confidence honeypot
*Architecture:* - Cloudflare Workers for edge computing - KV for caching (95% hit rate, 24hr TTL) - 6 Etherscan API keys with rotation - Supports Ethereum, Polygon, Arbitrum
*Key insight:* Smart contracts are immutable, so aggressive caching works perfectly. This lets the free tier handle high traffic ($0/month).
*Limitations:* - Only detects sell-blocking honeypots - Doesn't catch obfuscated code, proxy patterns, or time bombs - Not a full security audit
Live: https://honeypotscan.pages.dev Source: https://github.com/Teycir/honeypotscan
Open to feedback on detection patterns or evasion techniques I might be missing.