horsefacts
@horsefacts.eth
fake RAIL was a backdoored token contract. this section lets the attacker forge permit signatures and transfer any user's balance in the contract. this scam is common enough that you can often recognize it from this snippet: if there's weird assembly in here and you don't see "ecrecover" anywhere, it's a backdoor.
4 replies
11 recasts
45 reactions
horsefacts
@horsefacts.eth
it's a great place to hide a backdoor, because it's low level enough that it's hard to notice unless you know what to look for. fortunately LLMs are now pretty good at assessing this. copy the source code from Etherscan into o3 and ask "is there anything suspicious about this token contract?" if you interact with a scam token like this, your *other* assets are safe. all the backdoor enables is stealing back your balance of *this particular* token.
2 replies
1 recast
22 reactions
accountless.eth
@accountless.eth
this is how consumer crypto works today
1 reply
0 recast
1 reaction
horsefacts
@horsefacts.eth
honestly we could probably automate this!
2 replies
0 recast
1 reaction
Will Warren
@wwarren
It's pretty challenging to get something decent (we've experimented) because every token has functionality that can appear sketchy or questionable without added context
0 reply
0 recast
2 reactions
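Added example, not part of the thread and not code from any of the posters: a small Python triage script that applies the rule of thumb from the first post (assembly inside `permit` and no `ecrecover` anywhere in the verified source) to Solidity source text. The function names, result labels and both Solidity samples are constructed for illustration, and the output is a prompt for manual review rather than a verdict.

```python
import re

def strip_comments(src):
    """Drop // and /* */ comments so a keyword inside a comment does not count."""
    return re.sub(r"//[^\n]*|/\*.*?\*/", " ", src, flags=re.S)

def function_body(src, name):
    """Brace-matched body of the first *implemented* `function <name>(`, else None."""
    for m in re.finditer(r"\bfunction\s+" + re.escape(name) + r"\s*\(", src):
        brace, semi = src.find("{", m.end()), src.find(";", m.end())
        if brace == -1 or (semi != -1 and semi < brace):
            continue  # interface/abstract declaration: no body to inspect
        depth = 0
        for i in range(brace, len(src)):
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            if depth == 0:
                return src[brace + 1:i]
    return None

def triage_permit(source):
    """Apply the thread's rule of thumb; the result is a triage label, not a verdict."""
    src = strip_comments(source)
    body = function_body(src, "permit")
    if body is None:
        return "no-permit"
    if re.search(r"\becrecover\b", src):
        return "recovery-present"
    return "suspicious" if re.search(r"\bassembly\b", body) else "review"

# Constructed samples (not taken from any real token).
LEGIT = """
contract Token {
    function permit(address owner, address spender, uint256 value, uint256 deadline,
                    uint8 v, bytes32 r, bytes32 s) external {
        bytes32 digest = keccak256(abi.encode(owner, spender, value, deadline));
        require(ecrecover(digest, v, r, s) == owner, "bad sig");
    }
}"""
SUSPECT = """
interface IPermit { function permit(address o, address s, uint256 v) external; }
contract Token {
    // ecrecover appears only in this comment
    function permit(address o, address s, uint256 v) external {
        assembly { let x := 0 } // stub standing in for opaque low-level code
    }
}"""

if __name__ == "__main__":
    for label, code in (("LEGIT", LEGIT), ("SUSPECT", SUSPECT)):
        print(label, triage_permit(code))
```

The check works on flattened source as shown on a block explorer, where a library-based signature check still contains `ecrecover` somewhere in the file; it does not confirm that the recovered signer is actually compared against the owner.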