Malicious Burn

Flags burn functions which are controlled by some entity, or burns unapproved tokens.

Context and definitions

  • Burning of token
    • Coin burning happens when a cryptocurrency token is intentionally sent to an unusable wallet address to remove it from circulation. Once a token is sent to a burn address, it's gone forever.
  • Only the owner should have the right to burn their tokens.

Malicious Scenarios

  • Restricting the burn feature to specific addresses (whitelisting or blacklisting burn)
  • Burning tokens without the approval of the token owners

Subcategories marked by API

  • msg_sender_checks_on_burn_func and modifier_on_burn_funcs
    • Burn functions which perform msg.sender checks or carry modifiers, on the assumption that such checks and modifiers whitelist/blacklist the burn functionality to certain addresses
  • non_approval_burns_funcs
    • Functions which burn another wallet's tokens without checking the token owner's approval.

Example Contract

Malicious functions to look out for in the above contract:

selective_burn(): only certain whitelisted addresses can burn their tokens

admin_burn(): the admin can burn anyone's tokens (the burn has an onlyOwner modifier)

burnFrom(): anyone can burn anyone's tokens, without approval from the token owner.
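An added example, not the page's example contract or the API's own code, showing how the three subcategories can be recognised heuristically in Solidity source. The sample contract is constructed for this illustration (the `whitelisted`, `allowed` and `_burn` names are assumptions) and the checks are text heuristics, not a parser: a modifier is any word after the parameter list that is not a visibility or mutability keyword, a msg.sender check is an equality comparison against `msg.sender`, and a non-approval burn is an externally callable function that burns an address parameter without referencing an allowance or approval.

```python
import re
# Constructed sample (not the page's example contract): the three patterns the page
# names (selective_burn, admin_burn, burnFrom) beside a plain burn and an allowance-checked one.
SAMPLE_CONTRACT = """
function burn(uint256 amount) public { _burn(msg.sender, amount); }
function selective_burn(uint256 amount) public {
    require(msg.sender == whitelisted, "not allowed");
    _burn(msg.sender, amount);
}
function admin_burn(address from, uint256 amount) public onlyOwner { _burn(from, amount); }
function burnFrom(address from, uint256 amount) public { _burn(from, amount); }
function safeBurnFrom(address from, uint256 amount) public {
    require(allowed[from][msg.sender] >= amount, "allowance");
    allowed[from][msg.sender] -= amount;
    _burn(from, amount);
}
"""
# Words allowed after the parameter list that are not modifiers.
NOT_MODIFIERS = {"public", "external", "payable", "virtual", "override", "view", "pure"}
FUNC_RE = re.compile(r"function\s+(\w*burn\w*)\s*\(([^)]*)\)([^{]*)\{", re.IGNORECASE)

def _body(src, brace_at):
    """Return the text between the brace at src[brace_at] and its matching close."""
    depth = 0
    for i in range(brace_at, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        if depth == 0:
            return src[brace_at + 1:i]
    raise ValueError("unbalanced braces in source")

def scan_burn_functions(src):
    """Map each externally callable burn-like function to the subcategories it matches."""
    findings = {}
    for m in FUNC_RE.finditer(src):
        name, params, header = m.group(1), m.group(2), m.group(3)
        header_words = re.findall(r"\w+", re.sub(r"returns\s*\([^)]*\)", "", header))
        if "internal" in header_words or "private" in header_words:
            continue  # not reachable by outside entities, so outside the attack surface
        body, tags = _body(src, m.end() - 1), set()
        if any(w not in NOT_MODIFIERS for w in header_words):
            tags.add("modifier_on_burn_funcs")          # e.g. onlyOwner on admin_burn
        if re.search(r"msg\.sender\s*[!=]=|[!=]=\s*msg\.sender", body):
            tags.add("msg_sender_checks_on_burn_func")  # address whitelist/blacklist
        addr_params = re.findall(r"address\s+(\w+)", params)
        burns_other = any(re.search(rf"_burn\s*\(\s*{p}\b", body) for p in addr_params)
        if burns_other and not re.search(r"allow|approv", body, re.IGNORECASE):
            tags.add("non_approval_burns_funcs")        # burns a third party's tokens unchecked
        findings[name] = sorted(tags)
    return findings
```

On the sample, `burn` and `safeBurnFrom` come back with no tags while `admin_burn` is flagged under both the modifier and the non-approval subcategories, which matches the page's reading that an owner-only burn of other wallets' tokens is controlled by one entity and skips the owner's approval.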

API Output

The API correctly flags the malicious functions.