Security Research Institute: Several x402 ecosystem projects have been found to have risks, including over-authorization and signature replay issues.

On November 17, GoPlus Security Research Institute conducted a detailed security risk scan on more than 30 x402 projects and community warning risk projects in Binance Wallet and OKX Wallet, finding that the following projects have risks of excessive authorization, signature replay, HonyPot (Pixiu token), and unlimited minting.

FLOCK (0x5ab3): The transferERC20 function allows the owner to withdraw any amount of any token from the contract.

x420 (0x68e2): The crosschainMint function can mint tokens without restriction.

U402 (0xd2b3): The mintByBond function allows unlimited token minting by bond.

MRDN (0xe57e): The withdrawToken function allows the owner to withdraw any amount of any token from the contract.

PENG (0x4444ee, 0x444450, 0x444428): The manualSwap function allows the owner to withdraw ETH from the contract, and the transferFrom function bypasses allowance checks for special accounts.

x402Token (0x40ff): The transferFrom function bypasses allowance checks for special accounts.

x402b (0xd8af5f): The manualSwap function allows the owner to withdraw ETH from the contract, and the transferFrom function bypasses allowance checks for special accounts.

x402MO (0x3c47df): The manualSwap function allows the owner to withdraw ETH from the contract, and the transferFrom function bypasses allowance checks for special accounts.