41 Interactions, 4 Today
According to one blockchain security company, an analysis of the SafeMoon smart contract discovered a possible $20 million flaw in the viral meme coin.
SafeMoon, a popular TikTok viral “meme coin,” could be vulnerable to malicious hacking due to alleged security flaws in its smart contract code.
According to a smart contract audit conducted by blockchain security company HashEx, SafeMoon reportedly has 12 such flaws, with five of them rated as “critical” or “high-severity.”
The HashEx audit alleges that SafeMoon is vulnerable to a “Temporary ownership renounce” assault and a subsequent $20 million rug pull as part of its results. The SafeMoon contract owner, according to HashEx, is an externally owned account, or EOA, that controls a significant portion of the coin’s liquidity.
An attacker will drain the liquidity pool if the EOA is infiltrated by either internal or external rogue actors. Indeed, according to the HashEx team, a hacker will temporarily bypass any attempts by the SafeMoon developers to send tokens to the burn address.
The SafeMoon squad, on the other hand, has refuted HashEx’s findings, telling Cointelegraph that contract ownership is firmly owned. According to one SafeMoon creator, the team is mindful of the problem and has protocols in effect to insure that the owner wallet is never linked to any third-party decentralised apps.
Aside from the possibility for a $20 million rug pull, HashEx discovered a few allegedly troublesome contract set functions that could enable an attacker to exclude specific users from collecting rewards or allocate rewards to a specific wallet.
Under normal circumstances, every SafeMoon token sale incurs a 10% commision, with half of that amount allocated as prizes to current holders. HashEx, on the other hand, claims that an attacker will set contract functions such as fees and overall purchase sums to any value and syphon 100% commissions from each sale.
In effect, a hacker will steal proceeds from each token sale and divert them to designated wallets during a potential attack. Indeed, with all of these alleged flaws in mind, the blockchain security company claims that an attacker will combine these alleged flaws to initiate an intricate chain attack.
In response to the HashEx audit, Thomas Smith, chief technical officer at SafeMoon, stated that the team was aware of the problems, which had been communicated to them by Certik, the company’s smart contract auditor.
According to Smith, a hard fork would be needed to address many of HashEx’s concerns. Smith said, echoing the sentiments expressed by the previously quoted SafeMoon developer:
“Addressing these other issues, such as ownership renounce being able to be taken back by the contract deployer, we are never going to renounce and have made our stance on that clear in the past. Internally we have policies and procedures around how the contract operates to alleviate risk of mishandling values, however, you will never see us modify fees or maxTx.”
SafeMoon is reportedly down about 69 percent from its all-time peak in April. Indeed, it was announced in April that market analysts claimed the Binance Smart Chain-based project’s parabolic price rally was unsustainable.
As decentralised finance protocols found a home on the Binance chain after extended stretches of high transaction cost on the Ethereum network, BSC-based projects have gradually become victims of hacks and exploits.
As reported the BSC DeFi protocol PancakeBunny recently dropped 96 percent after a $200 million flash loan strike. Uranium Finance, another BSC-native protocol, was victimised by a $50 million malware exploit in April.