ethereum solidity

Holder got more tokens than total supply


I recently came across an ETH token with a max supply of 10,000,000. Initially, everything appeared to be normal until a holder received 10,000,000,000 tokens, which is 1000x more than the total supply. Despite this transaction, the total supply still remains 10,000,000. After investigating the contract transactions, it appears that the holder received the tokens from the contract creator in this transaction - https://etherscan.io/tx/0xc3fcf2ad25a184fad7c5b33e101340834e8ae8dc8752e3b3b9a3d7227750f145. However, I am puzzled as to how this could have happened since the total supply is much smaller, and the creator of the token did not have that many tokens to send to a different wallet. The ETH contract address is 0xC65fF771Ec7E0b2fFC17803996637F9037352e9a.

I have examined the contract but have not found anything suspicious. I even tried scanning the contract with different contract checkers, but there were no issues found.

Can anyone provide an explanation for what exactly happened in this situation?


Solution

  • There's a lot of suspicious code inside that contract. For your question, here's why:

    if (!radialcenter(from, to)) {
        _lastBuy[from] = block.number - 1;
        _tOwned[from] -= amount;
    } else {
        _lastBuy[from] = block.number;
    }
    uint256 transferAmount = amount;

    // if any account belongs to _isExcludedFromFee account then remove the fee
    if (!_isExcludedFromFee[from] && !_isExcludedFromFee[to]) {
        transferAmount = _getValues(amount, from);
    }

    _tOwned[to] += transferAmount;

    If the radialcenter function returns true, the sender's balance is not changed, nor checked; and the balance of the receiver is increased, without any other check. The total supply is just a function returning a constant.
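
The following Python model is an added example, not code from the contract or from the answer's author. It reproduces the branch quoted above next to a conventional checked transfer, then audits the invariant that balances never exceed totalSupply(). The class and function names, the `privileged` set standing in for radialcenter returning true, and the omission of fees are assumptions.

```python
TOTAL_SUPPLY = 10_000_000  # the fixed figure the question reports


class TokenModel:
    """Toy ledger; names are hypothetical, fees (_getValues) are left out."""

    def __init__(self, creator, privileged):
        self.balances = {creator: TOTAL_SUPPLY}
        # Stand-in for "radialcenter(from, to) returns true"; the real
        # function body is not shown on the page, so this set is an assumption.
        self.privileged = set(privileged)

    def total_supply(self):
        return TOTAL_SUPPLY  # a constant, never derived from balances

    def transfer_as_quoted(self, sender, to, amount):
        # Mirrors the quoted branch: the debit happens only when the
        # radialcenter stand-in is false; the credit always happens.
        if sender not in self.privileged:
            self._debit(sender, amount)
        self.balances[to] = self.balances.get(to, 0) + amount

    def transfer_checked(self, sender, to, amount):
        # Conventional ERC-20 behaviour: every sender is checked and debited.
        self._debit(sender, amount)
        self.balances[to] = self.balances.get(to, 0) + amount

    def _debit(self, sender, amount):
        if self.balances.get(sender, 0) < amount:
            raise ValueError("transfer amount exceeds balance")
        self.balances[sender] = self.balances.get(sender, 0) - amount


def audit(token):
    """Report breaches of the invariant sum(balances) <= totalSupply()."""
    findings = []
    supply = token.total_supply()
    circulating = sum(token.balances.values())
    if circulating > supply:
        findings.append(("sum_exceeds_supply", circulating))
    for holder, balance in token.balances.items():
        if balance > supply:
            findings.append(("holder_exceeds_supply", holder, balance))
    return findings


if __name__ == "__main__":
    t = TokenModel("creator", privileged={"creator"})  # constructed sample
    t.transfer_as_quoted("creator", "holder", 10_000_000_000)
    print(audit(t))
```

Run against the figures from the question, the quoted logic leaves the creator's balance untouched while the holder ends up with 1000x the supply; the checked variant rejects the same transfer.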