BlockBeats News, November 12th, GoPlus posted on social media that the Hello 402 contract carries some relatively hidden risks, namely unlimited issuance and centralized manipulation, as detailed below:
· The administrator address has extremely high permissions, fully controlling the minting and distribution of $H402. For example, the addTokenCredits function allows the administrator to allocate $H402 minting shares to users without checking if it would exceed the MAX_SUPPLY total, creating a backdoor for unlimited issuance;
· The redeemTokenCredits function allows users to mint $H402 based on their shares;
· The WithdrawDevToken function allows the administrator address to mint all unallocated shares at once, posing a high risk of centralized manipulation;
· The project stated on X that the WithdrawDevToken function is only used for post-private-sale "token replenishment," "ecosystem incentives," "profit space," and similar purposes, but none of these promises have been specifically implemented at the contract level, posing a high risk of centralized default.
GoPlus stated that, from a technical perspective, a responsible project team can fully implement these commitments, which safeguard the interests of the community and investors, in the contract itself and make them public. Examples include embedding the specific time of "private sale completion" in the contract and embedding the specific logic for "token minting and unlocking" in the contract.
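A sketch of what contract-level enforcement of these points could look like, as an added example that is not the Hello 402 contract or GoPlus's code. The three function names are taken from the report above; their signatures, the storage layout, the MAX_SUPPLY value and the privateSaleEnd timestamp are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical sketch: function names come from the report; signatures,
// storage layout and all constants are assumptions, not the H402 contract.
contract CappedCreditToken {
    uint256 public constant MAX_SUPPLY = 1_000_000 * 10**18; // constructed value
    address public immutable admin;
    uint256 public immutable privateSaleEnd; // fixed at deployment, publicly readable
    uint256 public totalSupply;
    uint256 public outstandingCredits; // allocated but not yet redeemed
    mapping(address => uint256) public balanceOf;
    mapping(address => uint256) public credits;

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }

    constructor(uint256 saleDuration) {
        admin = msg.sender;
        privateSaleEnd = block.timestamp + saleDuration;
    }

    // Invariant: totalSupply + outstandingCredits <= MAX_SUPPLY.
    // The report says this check is missing when credits are allocated.
    function addTokenCredits(address user, uint256 amount) external onlyAdmin {
        require(totalSupply + outstandingCredits + amount <= MAX_SUPPLY, "cap exceeded");
        credits[user] += amount;
        outstandingCredits += amount;
    }

    function redeemTokenCredits() external {
        uint256 amount = credits[msg.sender];
        require(amount > 0, "no credits");
        credits[msg.sender] = 0; // clear before minting so credits cannot be reused
        outstandingCredits -= amount;
        _mint(msg.sender, amount);
    }

    // Developer allocation: only after the sale window, only the unallocated remainder.
    function WithdrawDevToken() external onlyAdmin {
        require(block.timestamp >= privateSaleEnd, "sale still open");
        _mint(admin, MAX_SUPPLY - totalSupply - outstandingCredits);
    }

    function _mint(address to, uint256 amount) private {
        totalSupply += amount;
        balanceOf[to] += amount;
    }
}
```

Because credits are counted against the cap at allocation time, redeeming them can never push totalSupply past MAX_SUPPLY, and anyone can read privateSaleEnd on-chain to check the project's stated schedule.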





