I did some research a few months ago on identifying scam projects in crypto using static analysis.
In fact, this research started here, when I was auditing a project and came across a very strange piece of code that gave strange access to a person from the project team, who could transfer any user's assets to any address at any time without having enough allowance.
After reviewing this code, writing a PoC for it, and reporting it, I decided to research similar scam and rug pull methods in crypto further. The focus here was on projects that implement this at the code level, not projects that use Ponzi or pump-and-dump methods and similar things. After studying, researching, and reviewing the source code of different projects, I came across some interesting methods.
I previously explained this value on X, and after getting acquainted with this network, I decided to publish some of those tweets here.
Meanwhile, the first project from which this research began is not yet finished. A few months ago, I sent the report to a company. After completing the work, I will try to explain it in detail here, on X, etc., and will probably publish a detailed article about it on Medium.