Blockchain audit and consulting firm HashEx claims it has discovered a dozen vulnerabilities in SafeMoon (SAFEMOON) that put two million investors at risk.
What Happened: SAFEMOON has at least two critical vulnerabilities and three that pose a “high risk,” according to a HashEx statement.
According to HashEx, the token on the Binance Smart Chain has vulnerabilities that allow setting the commissions for the transfer of SAFEMOON up to 100%, rug pulling, excluding holders from commission distribution, temporarily blocking token transfers, and rendering the token smart contract permanently inoperable. A rug pull refers to liquidity theft by the developer.
The token’s smart contract takes a 5% commission whenever a SafeMoon transfer takes place, which is then distributed to token holders. This is part of a process that encourages holding on to the coins in the long run.
HashEx claimed that the SafeMoon smart contract owner is an externally owned account controlled by a particular person.
The firm said that this account has a market value of $20 million, with the sum constantly increasing because the smart contract transfers part of the transfer commissions to the owner account.
“In case the owner address is compromised, a rug pull of over $20,000,000 can happen at any moment. Because it’s about 15% of all liquidity that is being held in liquidity pools, the $SAFEMOON exchange rate can go down rapidly,” wrote HashEx.
SAFEMOON traded 5.11% lower at $0.00000486 at press time on a 24-hour basis. In the same time period, the coin fell 2.4% and 4.32% against Bitcoin (BTC) and Ethereum (ETH) respectively.
On Apr 20, SAFEMOON touched an all-time high of $0.00001399. The cryptocurrency has declined 65.21% since then.
BTC traded 1.36% lower at $38,542.93, while ETH traded 2.17% higher at $2,726.97 on a 24-hour basis.
Why It Matters: HashEx said that if SafeMoon’s external account is compromised, an attacker can drain the liquidity pool and prevent SafeMoon developers from sending tokens to a burn address.
SafeMoon’s Chief Technology Officer Thomas Smith told HashEx that the issues raised by the security firm are not ones “we can update with a deployed contract without a hardfork.”
“Addressing these other issues, such as ownership renounce being able to be taken back by the contract deployer, we are never going to renounce and have made our stance on that clear in the past.”
Thomas told HashEx that SafeMoon has internal “policies and procedures” in place on how the contract operates “to alleviate risk of mishandling values.”
Three of the top six Decentralized Finance (DeFi) hacks by value took place on the BSC platform, including the $30 million loss incurred by Spartan Protocol in May, Cointelegraph reported.