GoPlus: Multiple early-stage x402 projects found with high-risk issues such as excessive permissions, unlimited minting, HoneyPot, and signature replay attacks
Foresight News reported that GoPlus has released its x402 ecosystem risk scan report, which states that several early x402 projects have high-risk issues such as excessive permissions, unlimited minting, HoneyPot, and signature replay. Among them, @402bridge experienced a permissions vulnerability that led to the theft of USDC from over 200 users, and Hello402 also saw a price drop due to unlimited minting and liquidity issues. According to the AI scan, the following projects all carry serious risks of assets being drained directly or of authorization being bypassed. Users are reminded to be cautious about the risks of early x402 MEME projects:
- FLOCK (0x5ab3): The transferERC20 function allows the owner to withdraw any amount of any token from the contract.
- x420 (0x68e2): The crosschainMint function can mint tokens without limitation.
- U402 (0xd2b3): The mintByBond function allows the bond to mint tokens without limitation.
- MRDN (0xe57e): The drawbackToken function allows the owner to withdraw any amount of any token from the contract.
- PENG (0x4444ee, 0x444450, 0x444428): The manualSwap function allows the owner to withdraw ETH from the contract, while the transferFrom function bypasses permission checks for special accounts.
- x402Token (0x40ff): The transferFrom function bypasses permission checks for special accounts.
- x402b (0xd8af5f): The manualSwap function allows the owner to withdraw ETH from the contract, while the transferFrom function bypasses permission checks for special accounts.
- x402MO (0x3c47df): The manualSwap function allows the owner to withdraw ETH from the contract, while the transferFrom function bypasses permission checks for special accounts.
- H402 (old version) (0x8bc76a): The drawbackDevToken function allows the owner to mint tokens directly, while the addTokenCredits + redeemTokenCredits functions can achieve unlimited minting.
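For readers who want to check a token before interacting with it, here is an added example (not part of the GoPlus report or any project's code) that lists the non-standard state-changing functions in a contract ABI and sorts them into review buckets. The keyword buckets and the sample ABI are assumptions constructed for illustration from the function names listed above.

```python
import json
import re

# Standard ERC-20 state-changing functions. Anything else that can change
# state is extra surface a reviewer should read in the verified source.
# A permission bypass inside transferFrom is NOT visible in an ABI, so the
# standard functions still need a source review of their own.
ERC20_WRITE = {"transfer", "approve", "transferFrom"}

# Keyword buckets built around the function names in the list above, plus
# the generic word "withdraw". Heuristic only: an ABI shows neither access
# control nor supply caps, and names can mislead (the report says
# drawbackDevToken mints), so buckets only order the review.
BUCKETS = [
    ("mint", re.compile(r"mint|credits", re.I)),
    ("withdraw", re.compile(r"drawback|withdraw|transferERC20|manualSwap", re.I)),
]

def triage(abi_json):
    """Return sorted (function, bucket) pairs for non-standard write functions."""
    findings = []
    for item in json.loads(abi_json):
        if item.get("type") != "function":
            continue  # skip events, errors, constructor
        if item.get("stateMutability") in ("view", "pure"):
            continue  # read-only calls cannot move assets
        name = item["name"]
        if name in ERC20_WRITE:
            continue
        bucket = next((b for b, rx in BUCKETS if rx.search(name)), "other")
        findings.append((name, bucket))
    return sorted(findings)

# Constructed sample ABI, trimmed to the fields the triage reads.
SAMPLE_ABI = json.dumps([
    {"type": "event", "name": "Transfer"},
    {"type": "function", "name": "balanceOf", "stateMutability": "view"},
    {"type": "function", "name": "transfer", "stateMutability": "nonpayable"},
    {"type": "function", "name": "transferFrom", "stateMutability": "nonpayable"},
    {"type": "function", "name": "crosschainMint", "stateMutability": "nonpayable"},
    {"type": "function", "name": "transferERC20", "stateMutability": "nonpayable"},
    {"type": "function", "name": "manualSwap", "stateMutability": "nonpayable"},
    {"type": "function", "name": "setFee", "stateMutability": "nonpayable"},
])

if __name__ == "__main__":
    for name, bucket in triage(SAMPLE_ABI):
        print(f"{bucket:9} {name}")
```

A hit means "read this function's source for its access control and limits", not that the token is malicious.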
