I built a tool to detect honeypot tokens (ERC20 contracts that let you buy but block selling). It uses 13 regex patterns to scan for tx.origin abuse and other sell-blocking techniques.
*How it works:*
- Fetches verified source code from Etherscan
- Runs pattern matching for common honeypot techniques
- Returns results in ~2 seconds
- Threshold: 2+ patterns = 95% confidence honeypot
*Architecture:*
- Cloudflare Workers for edge computing
- KV for caching (95% hit rate, 24hr TTL)
- 6 Etherscan API keys with rotation
- Supports Ethereum, Polygon, Arbitrum
*Key insight:* Smart contracts are immutable, so aggressive caching works perfectly. This lets the free tier handle high traffic ($0/month).
*Limitations:*
- Only detects sell-blocking honeypots
- Doesn't catch obfuscated code, proxy patterns, or time bombs
- Not a full security audit
Live: https://honeypotscan.pages.dev
Source: https://github.com/Teycir/honeypotscan
Open to feedback on detection patterns or evasion techniques I might be missing.
