According to Foresight News, GoPlus released its x402 ecosystem risk scanning report, stating that several early x402 projects have high-risk vulnerabilities such as excessive permissions, unlimited minting, honeypot behavior, and signature replay. Among them, @402bridge experienced a permissions vulnerability that led to the theft of over 200 users' USDC, and Hello402 also saw its price fall due to unlimited minting and liquidity issues.

AI scanning shows that the following projects all have serious risks that could allow assets to be directly withdrawn or authorization to be bypassed, and the report reminds users to be cautious of early x402 MEME project risks:

FLOCK (0x5ab3): the transferERC20 function allows the owner to withdraw any amount of any token from the contract.
x420 (0x68e2): the crosschainMint function can mint tokens without restriction.
U402 (0xd2b3): the mintByBond function allows bond to mint tokens without limit.
MRDN (0xe57e): the drawbackToken function allows the owner to withdraw any amount of any token from the contract.
PENG (0x4444ee, 0x444450, 0x444428): the manualSwap function allows the owner to withdraw ETH from the contract, while the transferFrom function bypasses the permission checks for special accounts.
x402Token (0x40ff): the transferFrom function bypasses the permission checks for special accounts.
x402b (0xd8af5f): the manualSwap function allows the owner to withdraw ETH from the contract, while the transferFrom function bypasses the permission checks for special accounts.
x402MO (0x3c47df): the manualSwap function allows the owner to withdraw ETH from the contract, while the transferFrom function bypasses the permission checks for special accounts.
H402 (old version) (0x8bc76a): the drawbackDevToken function allows the owner to mint tokens directly, while the addTokenCredits + redeemTokenCredits functions can achieve unlimited minting.