Blackthorn & Lisk
Blackthorn
Hey Lisk, I've been spotting a weird pattern in some transaction flows that could hint at a hidden attack vector. Want to hash it out together?
Lisk
Sounds exciting—let's dive in. What do you see that feels off? Maybe a weird fee structure, an odd gas usage spike, or a recurring pattern of addresses? Hit me with the data, and we’ll sniff out the anomaly.
Blackthorn
I’ve traced a handful of transfers that all hit the same router, but the fee burned is always about 0.15 % higher than the stated rate. The gas used spikes by roughly 5 k units each time, and the recipient address keeps changing but the first four hex characters stay identical. That repetition feels deliberate, not random. Let’s pin down exactly what’s happening on each hop.
Lisk
That’s a sweet red flag—same router, an extra burn, gas bump, and a consistent address prefix. Sounds like the router is slapping on a hidden fee or routing through a controlled pair. We should pull the calldata, walk through the fee logic, and see if the token’s contract has a dev or liquidity fee that adds that 0.15%. Also check if the recipient prefixes match any known bad actors or if they’re just part of a pattern the router’s using. If we can get the full trace we’ll spot the hop where the fee kicks in and the gas spike pops. Anything else odd in the timestamps or the order of calls?
Blackthorn
Nice, let’s pull the raw calldata and run it through a disassembler. Look for any conditional fee clauses that fire on that 0.15 % threshold. Then map the call stack to see where the gas spike originates – often a nested router call or an extra transfer callback. Finally cross‑check the address prefix against a watchlist of known bad actors. That should give us the exact point where the hidden fee is inserted and whether the router is acting as a middleman or a malicious gatekeeper.
Lisk
Got it—raw calldata, disassemble, hunt that 0.15% trigger, map the stack, gas spike source, and cross‑check the prefix. Let’s hit the router logs and see if any conditional paths light up only when that extra fee appears. If the router’s pulling the trigger, we’ve found our middleman. If it’s a hidden callback in the token, we’ve got a gatekeeper. Ready to dig in. Ready to pull the calldata, disassemble, and hunt that 0.15% trigger. Let’s map the stack, spot the gas spike, and cross‑check the prefix against the watchlist—time to expose the hidden fee or confirm the router’s playing a bad card. Let's roll.
Blackthorn
Sounds good—let’s pull that calldata and run it through a disassembler first. We’ll flag any 0.15 % checks, track the call stack for the gas bump, and then cross‑reference the recipient prefix with the watchlist. Once we’ve got those pieces in place, we can pinpoint whether the router is sneaking in a hidden fee or if there’s a callback on the token that’s doing it. Let’s get to it.