During the audit, HashEx specialists identified 12 vulnerabilities in the smart contracts of the DeFi project SafeMoon. The bugs found allow the withdrawal of assets worth $ 20 million and block transactions, analysts said.
SafeMoon is powered by Binance Smart Chain. For each transfer of funds, the project charges a commission of 10%, half of which is then distributed among the coin holders. One of the main ideas of SafeMoon is to motivate users to hold an asset and reduce its volatility.
The project is about to issue a quadrillion tokens. Now, according to CoinGecko, there are over 583 trillion coins in circulation. Since the launch of SafeMoon in March, its capitalization has exceeded $ 2 billion, and the number of investors has reached 2 million.
HashEx announced possible risks for investors. Among the bugs identified by specialists, two are critical, and three pose a high risk.
According to analysts, the SafeMoon smart contract is controlled by an external address that holds $ 20 million worth of liquidity pool tokens on its account.
Earlier this was discussed by the experts of Certik. During the audit, experts identified 13 different bugs, but then there was no talk of critical vulnerabilities. SafeMoon has not fixed any of the bugs found.
If the address of the owner of the smart contract is compromised, there is a risk of a so-called rug pull at any time, HashEx researchers say. The term denotes the practice of pumping up the value of the created token in the liquidity pool, followed by a sharp withdrawal of funds. Subsequently, other members of the pool are left with depreciated assets.
SafeMoon said they are aware of the problem, but the team “has internal rules and procedures regarding the operation of the contract to mitigate the risks.”
HashEx also found that some of the vulnerabilities allow certain users to be left unremunerated or allocated to a specific wallet.
HashEx experts point out that attackers can take advantage of several bugs at once, creating a “chain ideal for an attack.”
SafeMoon, in response to the HashEx audit, said it would require a hard fork to resolve many of the identified issues.
In addition to the discovered vulnerabilities, some users have other questions about the project. For example, he is often accused of creating the Ponzi circuit.
SafeMoon investor Dave Portnoy, creator of the sports media platform Barstool Sports, noted that “this could be a Ponzi scheme.” He also stressed that he “has no idea how it works.”
My shitcoin announcement. Invest at your own risk. I have no idea how this works pic.twitter.com/G1iW8iZTWG
— Dave Portnoy (@stoolpresidente) May 17, 2021
Popular cryptocurrency blogger Lark Davis compared SafeMoon to the controversial Bitconnect project.
Bitconnect was for a brief moment a top 10 #crypto, the people making money did not want to accept it was a ponzi, they made every excuse to justify it, and attacked anyone who stated the obvious.
Then it rug pulled and everyone lost big time. #safemoon is no different.
— Lark Davis (@TheCryptoLark) April 21, 2021
“What you make money on Ponzi does not change the fact that it is a Ponzi, ”he wrote.
Despite the criticism, the SafeMoon developers plan to develop the project. According to the roadmap for the year, the company intends to release the SafeMoon app and wallet, launch its own exchange, expand the team and open an office in the UK or Ireland.
Security is extremely important for DeFi projects, which often suffer from hacker attacks.
Note that during May, the DeFi protocols of Spartan, Rari Capital, xToken, bEarn Fi, and PancakeBunny were affected by the actions of cybercriminals.
Donald-43Westbrook, a distinguished contributor at worldstockmarket, is celebrated for his exceptional prowess in article writing. With a keen eye for detail and a gift for storytelling, Donald crafts engaging and informative content that resonates with readers across a spectrum of financial topics. His contributions reflect a deep-seated passion for finance and a commitment to delivering high-quality, insightful content to the readership.