Risks & Security

Honeypot

Honeypot Contract

Malicious contract that traps user funds with hidden withdrawal restrictions

Definition

A honeypot is a malicious smart contract designed to trap users' funds. It appears to allow profitable interactions but contains hidden mechanisms preventing fund withdrawal.

Honeypot (Honeypot Contract) is a risk term used to understand Malicious contract that traps user funds with hidden withdrawal restrictions. In practice, it matters because it affects how users evaluate protocols, compare opportunities, and avoid hidden assumptions.

Example

A token allows you to buy but has hidden code preventing sells, or a contract appears profitable but reverts all withdrawal attempts.

1

How it works

In practice, the concept shows up like this: A token allows you to buy but has hidden code preventing sells, or a contract appears profitable but reverts all withdrawal attempts.

2

Why it matters

Honeypot matters because small misunderstandings in DeFi can turn into bad pricing, liquidation, governance, custody, or smart-contract risk. A good mental model helps you compare protocols without relying on marketing language.

3

What to check

Treat it as a risk term: identify the failure mode, who can be harmed, and what evidence would reduce that risk. The main checks are: Permanent fund loss; Hidden restrictions; Deceptive mechanics.

Risks to Consider

  • Permanent fund loss
  • Hidden restrictions
  • Deceptive mechanics

Common Questions

What does Honeypot mean in DeFi?

Honeypot means Malicious contract that traps user funds with hidden withdrawal restrictions. The useful question is not only the definition, but how the mechanism changes risk, return, liquidity, or governance for the user.

How is Honeypot used in practice?

A practical example: A token allows you to buy but has hidden code preventing sells, or a contract appears profitable but reverts all withdrawal attempts.

What should I check before relying on Honeypot?

Check permanent fund loss, hidden restrictions, deceptive mechanics. Also verify liquidity, oracle assumptions, admin controls, and whether the protocol has been tested during stressed markets.

Related Terms

    Related Articles

    The Hitchhiker's Guide to Crypto Bullshit: How to spot a shitcoin?

    The Hitchhiker's Guide to Crypto Bullshit: How to spot a shitcoin?

    Looking to invest in an ICO, or get your hands on some already traded coins? Awesome, welcome aboard! Before you jump in, let me give you some clues to spot shaky projects with examples taken from actual ones. These tips come from my experience (and failures) as well the discussion I had both with friends and the cryptocurrency community. The Whitepaper is ALWAYS the most insightful resource Whitepapers (WP for the rest of this article) can be scary. While some manage to keep it short (~10 pages), others can reach the hundreds yet it’s the best place to gauge the seriousness of a project. It’s still the first thing I check once I’m seriously considering a coin. So what should you be watching closely in a WP?

    DeFi Bullshit Detector

    DeFi Bullshit Detector

    In the Arena this week, I tried something different: instead of doing things onchain as usual, I wanted to show how to setup a Claude instance dedicated to DeFi research, and the results were impressive. In 1h15, we were able to setup a new Claude instance from scratch, have it write its claude.md file with our instructions, install the necessary tools to query onchain data, and perform a test analysis on ThGold which returned many critical red flags, several of which were not previously discovered by another researcher as far as I could see.

    DeFi Glossary