Sunday, December 5, 2021


Popular TikTok-viral “meme coin” SafeMoon could be vulnerable to malicious exploits by hackers due to purported security vulnerabilities in its smart contract code.

According to a smart contract audit by blockchain security firm HashEx, SafeMoon currently has 12 such vulnerabilities, with five classified as ranging between “critical” and “high-severity” in nature.

As part of its findings, the HashEx audit alleges that SafeMoon is vulnerable to a “Temporary ownership renounce” attack and a subsequent rug pull to the tune of $20 million. According to HashEx, the SafeMoon contract owner is an externally owned account, or EOA, that controls a significant proportion of the coin’s liquidity.

In the event of the EOA being compromised by either internal or external rogue actors, an attacker can drain the liquidity pool. Indeed, the HashEx team alleges that a hacker can quickly override any attempts by the SafeMoon devs to send the tokens to the burn address.

However, the SafeMoon team has countered HashEx’s findings, telling Cointelegraph that contract ownership is securely held. One SafeMoon developer said that the team was aware of the issue and has policies in place to ensure that the owner wallet isn’t connected to any third-party decentralized applications.

Apart from the potential for a $20 million rug pull, HashEx also identified a few reportedly problematic contract setter functions that can allow an attacker to exclude certain users from receiving rewards or distribute rewards to a specific wallet.

Under normal conditions, each SafeMoon token sale attracts a 10% fee, with half of that sum distributed as rewards for existing holders. However, HashEx alleges that an attacker can set contract parameters such as fees and maximum transaction amounts to any value and siphon 100% commissions from each sale.

In effect, during a possible attack, a hacker can steal proceeds from each token sale and redirect them to specified wallets. Indeed, with all of these alleged vulnerabilities in mind, the blockchain security firm says an attacker can combine these purported loopholes to launch an elaborate chain attack.
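The setter risk described above, shown as an added Solidity example that is not SafeMoon's code or taken from the HashEx audit: an owner-only fee setter with no bound next to a hardened configuration that caps the values, emits events for monitoring, and makes renouncing ownership final. All contract and function names, the 10% cap and the 0.1% maxTx floor are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Weak form (hypothetical): whoever controls the owner key can set any fee,
// including 100%, so every sale can be fully diverted.
contract UnboundedFeeConfig {
    address public owner = msg.sender;
    uint256 public feePercent = 10;

    function setFeePercent(uint256 newFee) external {
        require(msg.sender == owner, "not owner");
        feePercent = newFee; // no upper bound, no event
    }
}

// Hardened form (hypothetical): same owner model, but values are bounded
// in code, changes are logged, and a renounce cannot be taken back.
contract BoundedFeeConfig {
    address public owner = msg.sender;
    uint256 public feePercent = 10;                // 10% fee per sale
    uint256 public maxTxAmount;
    uint256 public constant MAX_FEE_PERCENT = 10;  // assumed cap
    uint256 public immutable minMaxTxAmount;       // assumed floor

    event FeeChanged(uint256 oldFee, uint256 newFee);
    event MaxTxChanged(uint256 oldMax, uint256 newMax);
    event OwnershipRenounced(address indexed previousOwner);

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    constructor(uint256 totalSupply_) {
        maxTxAmount = totalSupply_;
        minMaxTxAmount = totalSupply_ / 1000;      // 0.1% of supply
    }
    function setFeePercent(uint256 newFee) external onlyOwner {
        require(newFee <= MAX_FEE_PERCENT, "fee above cap");
        emit FeeChanged(feePercent, newFee);
        feePercent = newFee;
    }
    function setMaxTxAmount(uint256 newMax) external onlyOwner {
        require(newMax >= minMaxTxAmount, "maxTx below floor");
        emit MaxTxChanged(maxTxAmount, newMax);
        maxTxAmount = newMax;
    }
    // Final: no previous owner is stored and there is no path to reclaim.
    function renounceOwnership() external onlyOwner {
        emit OwnershipRenounced(owner);
        owner = address(0);
    }
}
```

With the bounds enforced in the contract, a compromised owner key can still change the fee, but only within the capped range, and each change produces an event that off-chain monitoring can alert on.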

Responding to the HashEx audit, Thomas Smith, chief technology officer at SafeMoon, said that the team was aware of the issues, having already been informed of them by its smart contract auditor Certik.

According to Smith, a hard fork might be required to solve many of the problems raised by HashEx. Echoing the sentiments shared by the previously quoted SafeMoon dev, Smith stated:

“Addressing these other issues, such as ownership renounce being able to be taken back by the contract deployer, we’re never going to renounce and have made our stance on that clear in the past. Internally we have policies and procedures around how the contract operates to alleviate risk of mishandling values, however, you’ll never see us modify fees or maxTx.”

SafeMoon is currently about 69% down from its April all-time high. Indeed, back in April, Cointelegraph reported that market commentators believed the parabolic price rally of the Binance Smart Chain-based project was unsustainable.

BSC-based projects have increasingly become victims of hacks and exploits as decentralized finance protocols sought to make a home on the Binance chain after sustained periods of high transaction fees on the Ethereum network.

As previously reported by Cointelegraph, BSC DeFi protocol PancakeBunny recently tanked 96% following a $200 million flash loan attack. In April, Uranium Finance, another BSC-native protocol, suffered a $50 million malicious exploit.