Exposing Hidden Backdoors in NFT Smart Contracts: A Static Security Analysis of Rug Pull Patterns

Exposing Hidden Backdoors in NFT Smart Contracts: A Static Security Analysis of Rug Pull Patterns | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article Exposing Hidden Backdoors in NFT Smart Contracts: A Static Security Analysis of Rug Pull Patterns Chetan Pathade, Shweta Hooli This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-8468227/v1 This work is licensed under a CC BY 4.0 License Status: Posted Version 1 posted You are reading this latest preprint version Abstract The explosive growth of Non-Fungible Tokens (NFTs) has revolutionized digital ownership by enabling the creation, exchange, and monetization of unique assets on blockchain networks. However, this surge in popularity has also given rise to a disturbing trend: the emergence of rug pulls - fraudulent schemes where developers exploit trust and smart contract privileges to drain user funds or invalidate asset ownership. Central to many of these scams are hidden backdoors embedded within NFT smart contracts. Unlike unintentional bugs, these backdoors are deliberately coded and often obfuscated to bypass traditional audits and exploit investor confidence. In this paper, we present a large-scale static analysis of 49,940 verified NFT smart contracts using Slither, a static analysis framework, to uncover latent vulnerabilities commonly linked to rug pulls. We introduce a custom risk scoring model that classifies contracts into high, medium, or low risk tiers based on the presence and severity of rug pull indicators. Our dataset was derived from verified contracts on the Ethereum mainnet, and we generate multiple visualizations to highlight red flag clusters, issue prevalence, and co-occurrence of critical vulnerabilities. While we do not perform live exploits, our results reveal how malicious patterns often missed by simple reviews can be surfaced through static analysis at scale. We conclude by offering mitigation strategies for developers, marketplaces, and auditors to enhance smart contract security. By exposing how hidden backdoors manifest in real-world smart contracts, this work contributes a practical foundation for detecting and mitigating NFT rug pulls through scalable automated analysis. NFT Security Smart Contract Vulnerabilities Rug Pull Attacks Hidden Backdoors Blockchain Forensics Decentralized Finance (DeFi) Smart Contract Auditing Ethereum Security Static Analysis Token Exploitation Patterns Full Text Additional Declarations No competing interests reported. Cite Share Download PDF Status: Posted Version 1 posted You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-8468227","acceptedTermsAndConditions":true,"allowDirectSubmit":false,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":567161807,"identity":"5f250fe6-1c22-411e-b9e7-de8c3c09cb52","order_by":0,"name":"Chetan Pathade","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAABKUlEQVRIiWNgGAWjYDACCSSGBIOBjZz98QYgz8ACnxZGkBIGHrCWgjRjhjMHQFokiNXy4XBiw40EFNsxAP/s5uMPfu64I28v3fzwxgeDw4mNM59f3fCjQIKBv707Aasld44lNvaeeWbYI3PM2HKGQbpxs3RO2c0eoMMkzpzdgE2LgUSOYQNv22HGHokEM2keA2vZNumctBs8QC0GErk4tOR/bPzbdti+RyL9m/QfA2bGHskzaTf/4NWSw9gMtCWxRyLHTJrBwFlxhgT7sdv4bJG4kWY4W7btWXLPjZxiyx6DNGMDnhy22zIGEjy4/MI/I/nBx7dtd2zbZ6RvvPHjj42cAfvxZzffABn87b1YtUDBAWQOjwGYxKMcQwv7AwKqR8EoGAWjYIQBADUuaVJMfeeMAAAAAElFTkSuQmCC","orcid":"","institution":"Carnegie Mellon University","correspondingAuthor":true,"prefix":"","firstName":"Chetan","middleName":"","lastName":"Pathade","suffix":""},{"id":567161808,"identity":"c958fa56-2f25-458a-b9ad-978e15959377","order_by":1,"name":"Shweta Hooli","email":"","orcid":"","institution":"Northeastern University","correspondingAuthor":false,"prefix":"","firstName":"Shweta","middleName":"","lastName":"Hooli","suffix":""}],"badges":[],"createdAt":"2025-12-29 01:08:17","currentVersionCode":1,"declarations":"","doi":"10.21203/rs.3.rs-8468227/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-8468227/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":100146093,"identity":"3d43f004-4be4-4858-9d2f-7801b2d12924","added_by":"auto","created_at":"2026-01-13 12:29:59","extension":"json","order_by":0,"title":"","display":"","copyAsset":false,"role":"acdc-reference","size":4587,"visible":true,"origin":"","legend":"","description":"","filename":"57469ee19f874bf6b046e029251388c7.json","url":"https://assets-eu.researchsquare.com/files/rs-8468227/v1/bb3096847ca0401462946edc.json"},{"id":100146094,"identity":"c48afda6-72bd-47f6-b05d-6d8e5d9d26bc","added_by":"auto","created_at":"2026-01-13 12:30:03","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":496900,"visible":true,"origin":"","legend":"","description":"","filename":"Archive.pdf","url":"https://assets-eu.researchsquare.com/files/rs-8468227/v1_covered_cc83d504-8d60-45e5-b653-006ca8e56323.pdf"}],"financialInterests":"No competing interests reported.","formattedTitle":"Exposing Hidden Backdoors in NFT Smart Contracts: A Static Security Analysis of Rug Pull Patterns","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":true,"hideJournal":true,"highlight":"","institution":"","isAcceptedByJournal":false,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true},"keywords":"NFT Security, Smart Contract Vulnerabilities, Rug Pull Attacks, Hidden Backdoors, Blockchain Forensics, Decentralized Finance (DeFi), Smart Contract Auditing, Ethereum Security, Static Analysis, Token Exploitation Patterns","lastPublishedDoi":"10.21203/rs.3.rs-8468227/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-8468227/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"The explosive growth of Non-Fungible Tokens (NFTs) has revolutionized digital ownership by enabling the creation, exchange, and monetization of unique assets on blockchain networks. However, this surge in popularity has also given rise to a disturbing trend: the emergence of rug pulls - fraudulent schemes where developers exploit trust and smart contract privileges to drain user funds or invalidate asset ownership. Central to many of these scams are hidden backdoors embedded within NFT smart contracts. Unlike unintentional bugs, these backdoors are deliberately coded and often obfuscated to bypass traditional audits and exploit investor confidence. In this paper, we present a large-scale static analysis of 49,940 verified NFT smart contracts using Slither, a static analysis framework, to uncover latent vulnerabilities commonly linked to rug pulls. We introduce a custom risk scoring model that classifies contracts into high, medium, or low risk tiers based on the presence and severity of rug pull indicators. Our dataset was derived from verified contracts on the Ethereum mainnet, and we generate multiple visualizations to highlight red flag clusters, issue prevalence, and co-occurrence of critical vulnerabilities. While we do not perform live exploits, our results reveal how malicious patterns often missed by simple reviews can be surfaced through static analysis at scale. We conclude by offering mitigation strategies for developers, marketplaces, and auditors to enhance smart contract security. By exposing how hidden backdoors manifest in real-world smart contracts, this work contributes a practical foundation for detecting and mitigating NFT rug pulls through scalable automated analysis.","manuscriptTitle":"Exposing Hidden Backdoors in NFT Smart Contracts: A Static Security Analysis of Rug Pull Patterns","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2026-01-13 12:29:54","doi":"10.21203/rs.3.rs-8468227/v1","editorialEvents":[{"type":"communityComments","content":0}],"status":"published","journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"b29fa5fe-f189-4407-b520-aa2c1a02dc2b","owner":[],"postedDate":"January 13th, 2026","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"posted","subjectAreas":[],"tags":[],"updatedAt":"2026-01-13T12:29:54+00:00","versionOfRecord":[],"versionCreatedAt":"2026-01-13 12:29:54","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-8468227","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-8468227","identity":"rs-8468227","version":["v1"]},"buildId":"XKTyCvWXoU3ODBz1xrDgd","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}