GoPlus: Several x402 ecosystem projects have been found to have risks, including over-licensing and signature replay issues.

According to official sources, GoPlus Security Research Institute conducted a detailed security risk scan of over 30 x402 projects and risky projects warned by the community in Binance Wallet and OKX Wallet. The scan revealed the following projects to have risks of over-authorization, signature replay, HonyPot (Pixiu token), and unlimited issuance: FLOCK (0x5ab3): The transfer ERC20 function allows the owner to withdraw any number of any tokens from the contract. x420 (0x68e2): The cross-chain Mint function allows unlimited token minting. U402 (0xd2b3): The mint By Bond function allows the bond to mint unlimited tokens. MRDN (0xe57e): The withdraw Token function allows the owner to withdraw any number of any tokens from the contract. PENG (0x4444ee, 0x444450, 0x444428): The manual Swap function allows the owner to withdraw ETH from the contract. The transfer From function bypasses the allowance check for certain accounts. x402 Token (0x40ff): The transfer From function bypasses the allowance check for certain accounts. x402b (0xd8af5f): The manual Swap function allows the owner to withdraw ETH from the contract. The transfer From function bypasses the allowance check for certain accounts. x402MO (0x3c47df): The manual Swap function allows the owner to withdraw ETH from the contract. The transfer From function bypasses the allowance check for certain accounts.