
The SafeMoon saga is a critical security reminder for the DeFi industry

source link: https://cryptomode.com/the-safemoon-saga-is-a-critical-security-reminder-for-the-defi-industry/

Ever since Dogecoin, a digital currency initially touted to parody the volatile nature of today’s crypto market, took the world by storm, it appears as though a growing list of memecoins (including SafeMoon, Shiba Inu) are garnering more and more mainstream interest with seemingly each passing day.

That being said, as per a recent audit report by blockchain security firm HashEx, it appears as though SafeMoon’s digital infrastructure could potentially be vulnerable to a large number of third-party intrusions. 

To be a bit more specific, the firm identified a total of 12 issues with SafeMoon’s native smart contract system, five of which were rated between “critical” and “high-severity”.

Lastly, as part of the audit, HashEx alleged that the platform is potentially open to a “temporary ownership renounce” which can further be followed up by a rug pull attack that could cost investors $20 million.

A technical breakdown of the matter

According to HashEx’s security team, SafeMoon’s smart contract is controlled by an externally owned account (EOA), which basically means that a vast majority of the token’s associated liquidity is controlled by an external entity.

Therefore, if the EOA were to become compromised due to certain unforeseen circumstances, there is reason to believe that a team of nefarious agents could not only drain the existing liquidity pool but also temporarily override any potential correction attempts that SafeMoon’s dev team may try to make to rectify the situation.

Additionally, the HashEx team stated that some of the SafeMoon contract’s set functions are flawed, such that they could let potential hackers exclude certain users from receiving rewards entirely while covertly rerouting those funds to an external wallet address.

For example, every SafeMoon token sale typically attracts a flat 10% fee, with 50% of this sum being doled out as rewards to prior token holders. However, it is being alleged that, due to certain loopholes in the memecoin’s current structure, attackers may be able to alter its key settings (i.e. fee ratios, transaction limits, etc.), allowing them to siphon off the commission associated with each sale.
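As an added illustration of the breakdown above (not code from the article, HashEx or SafeMoon), the following Python script triages a token contract's ABI for the owner-controlled levers the audit describes: fee ratios, transaction limits, reward exclusion and ownership locking, plus whether the owner address is an EOA. The ABI is constructed sample data, and its function names, the regex categories and the helper names are assumptions.

```python
import re

# Risk categories follow the article's breakdown; the regexes are assumptions.
RISK_PATTERNS = {
    "fee_ratio": re.compile(r"^set\w*fee", re.I),
    "tx_limit": re.compile(r"^set\w*(maxtx|limit)", re.I),
    "reward_exclusion": re.compile(r"^(exclude|include)\w*reward", re.I),
    "ownership_lock": re.compile(r"^(lock|unlock)$", re.I),
}

def is_eoa(runtime_code_hex: str) -> bool:
    """An address with no deployed code (eth_getCode returns '0x') is an EOA."""
    return runtime_code_hex.lower() in ("", "0x")

def triage(abi: list, owner_code_hex: str) -> dict:
    """Group state-changing functions by risk category and note the owner type.

    The ABI does not show access modifiers, so every hit is a pointer for
    source review (who may call it, are values bounded), not a confirmed flaw.
    """
    findings = {name: [] for name in RISK_PATTERNS}
    for entry in abi:
        if entry.get("type") != "function":
            continue
        if entry.get("stateMutability") in ("view", "pure"):
            continue  # read-only functions cannot change fees or limits
        for category, pattern in RISK_PATTERNS.items():
            if pattern.search(entry["name"]):
                findings[category].append(entry["name"])
    findings["owner_is_eoa"] = is_eoa(owner_code_hex)
    return findings

def fn(name, mut="nonpayable"):
    """Build a minimal ABI function entry for the constructed sample."""
    return {"type": "function", "name": name, "stateMutability": mut}

# Constructed sample ABI with hypothetical names; not SafeMoon's actual ABI.
SAMPLE_ABI = [
    fn("transfer"), fn("balanceOf", "view"),
    fn("setTaxFeePercent"), fn("setLiquidityFeePercent"),
    fn("setMaxTxPercent"), fn("excludeFromReward"), fn("includeInReward"),
    fn("lock"), fn("unlock"), fn("isExcludedFromReward", "view"),
    {"type": "event", "name": "Transfer"},
]

# "0x" is what a node returns for an address with no code, i.e. an EOA owner.
REPORT = triage(SAMPLE_ABI, owner_code_hex="0x")

if __name__ == "__main__":
    for key, value in REPORT.items():
        print(f"{key}: {value}")
```

An owner that is an EOA combined with hits in several categories means a single private key can change the token's economics, which is the exposure the audit describes.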

The way out

In response to the somewhat critical audit report, SafeMoon CTO Thomas Smith recently revealed that he and his team were already aware of the issues and that a hard fork will be needed somewhere down the line to resolve the functional problems that have recently reared their ugly heads.

And while SafeMoon is down nearly 10% since the aforementioned bugs were discovered, it should be noted that other platforms such as PERA, which also utilize features akin to SafeMoon’s, have been able to mitigate these problems entirely by integrating a ‘frictionless yield feature’ into their smart contract code.

In fact, PERA’s smart contract utilizes a ‘balance update’ module in the core function itself — which is incidentally not a part of SafeMoon’s code — thus making the system immune to many of the external threats that have been pointed out earlier.

Looking Ahead

On the subject, Oliver Xie, Project Lead & Founder of DeFi Insurance Platform InsurAce.io, highlighted that while SafeMoon has brought a lot of interest to the cryptocurrency sector, most of these new users have not learned the specifics of the underlying technology, adding:

“These inexperienced retail investors are artificially pumping prices, leaving themselves open to large losses in terms of whale action, smart contract hacks, rug pulls, wallet compromises and private key losses. But this new investment into the space is nevertheless good, and it therefore puts more emphasis on the importance of crypto developers to secure these assets for individuals, aided by third party security and insurance services.”

In recent weeks, an increasing number of Binance Smart Chain (BSC) based projects have been on the receiving end of various hacks and exploits, especially after a large number of DeFi projects made their way into the ecosystem after the average transaction fee on the Ethereum network scaled up to an insane $40 earlier this year during February. 

For example, PancakeBunny (BUNNY), a BSC-based DeFi ecosystem, was recently the victim of a massive $200 million flash loan attack causing the value of BUNNY to nosedive by a whopping 95% overnight. A similar issue was also witnessed in relation to Uranium Finance earlier this year when hackers were able to make off with a cool $50 million after getting wind of a malicious exploit.
