Freeze & Seize

🧊 FREEZE & SEIZE (Pausable / Blacklist / Confiscation Exploits)

📌 Definition

Freeze & Seize is a scam technique found in ERC-20 tokens that misuses permissions like:

  • Pausable (can stop all transfers),

  • Blacklistable (can block specific users),

  • Confiscatable (can seize assets).

Although these functions are sometimes included for regulatory or security reasons (e.g. hacks), under centralized control they can be turned into a fraud mechanism used against investors.

🔧 How It Works

| Function Type | Description |
| --- | --- |
| pause() | Freezes all token transfers. Users cannot send or sell tokens. |
| freeze(address) | Blocks transfers from a specific address. |
| blacklist(address) | Marks the address as blacklisted, causing transactions to fail. |
| confiscate(address) | Transfers tokens from the user’s wallet directly to the admin. |

With these functions, an admin may:

  • Lock users' wallets at peak price to prevent selling.

  • Seize user-held tokens.

  • Block transfers for users while continuing their own transactions.


🔍 Are LP NFTs Affected by Freeze & Seize?

Not directly — but they can be impacted.

In protocols like Uniswap V3, liquidity positions are represented as NFTs (LP NFTs). If a malicious admin adds freeze or seize controls into an ERC-721 contract, they can:

  • Freeze your LP NFT (preventing you from transferring it),

  • Or transfer it to their own wallet.

Although this is rare, LP NFTs are still digital assets, and if their smart contracts permit admin control, they are not immune to Freeze & Seize attacks.

📋 Smart Contract Mechanisms Commonly Used

| Function | Description |
| --- | --- |
| pause() | Usually protected by onlyOwner; halts all transfers. |
| setBlacklist(address, true) | Adds an address to the blacklist. |
| transferFrom(address, admin, amount) | Enables admin to move tokens from a user wallet. |
| emergencyWithdraw() or seize() | Transfers user funds to the admin under the name of “emergency.” |

🛡️ Ways to Protect Yourself

| Protection Strategy | Explanation |
| --- | --- |
| Check contract functions on Etherscan | Look for pause(), freeze(), blacklist() in the verified code. |
| Always review audit reports | Make sure those functions are mentioned and explained in detail. |
| Ensure admin uses a multisig wallet | Single-wallet control increases the risk of abuse. |
| Was ownership renounced? | If renounceOwnership() was called, admin functions are disabled. |
| Has control moved to a community DAO? | If yes, the risk of centralized abuse is significantly reduced. |
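
One way to automate the first protection strategy above, as an added example that is not part of the original page: a scan of a contract's JSON ABI for state-changing functions named like the ones this page lists. The name patterns and the sample ABI are assumptions constructed for illustration; in practice the ABI would be copied from the verified contract's page on the block explorer.

```python
import json
import re

# Name patterns derived from the functions this page lists, grouped by capability.
RISK_PATTERNS = {
    "pause": re.compile(r"^(un)?pause", re.I),
    "freeze": re.compile(r"freeze", re.I),
    "blacklist": re.compile(r"black_?list", re.I),
    "seize": re.compile(r"confiscate|seize|emergencywithdraw", re.I),
    "ownership": re.compile(r"^(transfer|renounce)ownership$", re.I),
}

# Constructed sample ABI (not a real contract), in the standard JSON ABI layout.
SAMPLE_ABI = json.dumps([
    {"type": "event", "name": "Paused", "inputs": []},
    {"type": "function", "name": "transfer", "stateMutability": "nonpayable",
     "inputs": [{"type": "address"}, {"type": "uint256"}]},
    {"type": "function", "name": "paused", "stateMutability": "view", "inputs": []},
    {"type": "function", "name": "pause", "stateMutability": "nonpayable", "inputs": []},
    {"type": "function", "name": "setBlacklist", "stateMutability": "nonpayable",
     "inputs": [{"type": "address"}, {"type": "bool"}]},
    {"type": "function", "name": "confiscate", "stateMutability": "nonpayable",
     "inputs": [{"type": "address"}]},
    {"type": "function", "name": "renounceOwnership", "stateMutability": "nonpayable",
     "inputs": []},
])


def signature(entry):
    """Render an ABI function entry as name(type1,type2,...)."""
    return "{}({})".format(entry["name"], ",".join(i["type"] for i in entry.get("inputs", [])))


def scan_abi(abi_json):
    """Map each capability to the state-changing functions whose names match it."""
    findings = {}
    for entry in json.loads(abi_json):
        if entry.get("type") != "function":
            continue  # skip events, errors, constructor
        if entry.get("stateMutability") in ("view", "pure"):
            continue  # read-only getters such as paused() cannot move or lock funds
        for category, pattern in RISK_PATTERNS.items():
            if pattern.search(entry["name"]):
                findings.setdefault(category, []).append(signature(entry))
    return findings


if __name__ == "__main__":
    for category, sigs in scan_abi(SAMPLE_ABI).items():
        print(f"{category}: {', '.join(sigs)}")
```

Name matching is only a first pass: it misses renamed functions and restrictions written directly into the transfer logic, so the verified source still needs to be read. An "ownership" hit shows the contract has an owner role; whether it was actually renounced has to be checked by reading the current owner on-chain.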
