Usually when a new wallet address interacts with a decentralized exchange, scammers start sending tokens which can't be sold. This is because the token contract checks if the wallet address matches predefined list of addresses and if the address doesn't match, the contract enables code path that usually drains the balance of user's wallet empty. Some malicious contracts target specific token balances, some spend as much gas as the wallet is willing to provide or try to transfer whole coin balance (BNB, ETH, etc.).
At least BscScan and EthScan have comments section where people can report suspicious contracts. People should also avoid interacting with contracts that don't have source published. If the source is published, Approve
and Transfer
methods can be checked that they only check or change internal variables holding user balance and the approved transfer amount and emit correct event. If they do anything else, the contract most likely is not safe to use.
Approve
method should emit Approval
event with three parameters containing the wallet address where the funds can be transferred from, wallet address of approved account, and the approved amount.
Transfer
method should emit Transfer
event with three parameters containing source address, destination address and the amount of tokens transferred.
If the token list in block explorer doesn't show any value for the token, it might be either recently created token, or the token can't be sold on any reputable exchange. Not all decentralized exchange pairs are tracked due to low volume, or because nobody has requested the token to be listed. Most legitimate tokens are listed on at least one statistics site after the token has enough liquidity and trading volume.