GoPlus: Hello 402 contract carries risks of unlimited minting and centralized manipulation

ChainCatcher reported that the GoPlus Chinese community disclosed on the X platform that the Hello 402 contract contains some relatively hidden risks—namely, the potential for unlimited minting and centralized manipulation.

1. The administrator address has extremely high authority, fully controlling the minting and distribution of H402 tokens. For example: the addTokenCredits function allows the administrator to allocate H402 token minting shares to users, but does not check whether this will exceed the MAX_SUPPLY total, effectively creating a backdoor for unlimited minting; the redeemTokenCredits function allows users to actually mint H402 tokens based on their shares; the WithdrawDevToken function allows the administrator address to mint all unallocated shares at once, posing a high risk of centralized manipulation.

2. The project team stated on X that the WithdrawDevToken function is only used for “token replenishment” after the private sale, “ecosystem incentives,” and “profit margin” commitments, but none of these have been specifically implemented at the contract level, resulting in a high risk of centralized breach of contract. Previously, a certain exchange stated that it had launched an investigation into the abnormal behavior of Hello 402, would continue to track on-chain evidence, and reserved the right to take legal action.