Critical $20M SafeMoon vulnerability? Project devs say no cause for alarm


Popular TikTok viral “meme coin” SafeMoon could be vulnerable to malicious exploits by hackers on account of purported security vulnerabilities in its smart contract code.

According to a smart contract audit by blockchain security firm HashEx, SafeMoon currently has 12 such vulnerabilities, five of them rated between “critical” and “high-severity.”

As part of its findings, the HashEx audit alleges that SafeMoon is vulnerable to a “Temporary ownership renounce” attack and a subsequent rug pull to the tune of $20 million. According to HashEx, the SafeMoon contract owner is an externally owned account, or EOA, that controls a significant proportion of the coin’s liquidity.

If the EOA is compromised, whether by internal or external rogue actors, an attacker can drain the liquidity pool. Indeed, the HashEx team alleges that a hacker can temporarily override any attempts by the SafeMoon devs to send the tokens to the burn address.

However, the SafeMoon team has countered HashEx’s findings, telling Cointelegraph that contract ownership is securely held. One SafeMoon developer said that the team was aware of the issue and has policies in place to ensure that the owner wallet is never connected to any third-party decentralized applications.

Apart from the potential for a $20 million rug pull, HashEx also identified a few reportedly problematic contract set functions that can allow an attacker to exclude certain users from receiving rewards or distribute rewards to a specific wallet.

Under normal conditions, each SafeMoon token sale attracts a 10% fee, with half of that sum distributed as rewards for existing holders. However, HashEx alleges that an attacker can set contract parameters such as fees and maximum transaction amounts to any value and siphon 100% commissions from each sale.

In effect, during a possible attack, a hacker can steal the proceeds from each token sale and redirect them to specified wallets.

Indeed, with all of these alleged vulnerabilities in mind, the blockchain security firm says an attacker can combine these purported loopholes to launch an elaborate chain attack.

Responding to the HashEx audit, Thomas Smith, chief technology officer at SafeMoon, said that the team was aware of the issues, having already been informed of them by its smart contract auditor Certik.

According to Smith, a hard fork will be required to solve many of the concerns raised by HashEx. Echoing the sentiments shared by the previously quoted SafeMoon dev, Smith stated:

“Addressing these other issues, such as ownership renounce being able to be taken back by the contract deployer, we are never going to renounce and have made our stance on that clear in the past. Internally we have policies and procedures around how the contract operates to alleviate risk of mishandling values, however, you will never see us modify fees or maxTx.”

SafeMoon is currently about 69% down from its April all-time high. Indeed, back in April, Cointelegraph reported that market commentators believed the parabolic price rally of the Binance Smart Chain-based project was unsustainable.

BSC-based projects have increasingly become victims of hacks and exploits as decentralized finance protocols sought to make a home on the Binance chain after sustained periods of high transaction cost on the Ethereum network.

As previously reported by Cointelegraph, BSC DeFi protocol PancakeBunny recently tanked 96% following a $200 million flash loan attack. In April, Uranium Finance — another BSC-native protocol — suffered a $50 million malicious exploit.
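The setter risk described above, sketched as an added example (not SafeMoon's contract code and not taken from the HashEx report): an owner-only configuration contract whose fee and maximum-transaction setters accept any value, next to a variant that enforces hard limits and logs every change. All contract, function and constant names, and the cap values, are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical names throughout; illustrative only.
abstract contract OwnedConfig {
    address public immutable owner;        // a single EOA here means one stolen key controls everything below
    uint256 public immutable totalSupply;
    uint256 public feePercent = 10;        // the 10% sale fee the article cites
    uint256 public maxTxAmount;

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(uint256 supply) {
        owner = msg.sender;
        totalSupply = supply;
        maxTxAmount = supply;
    }
}

// Weak form: whoever holds the owner key may pick any value, including a 100% fee.
contract UnboundedConfig is OwnedConfig {
    constructor(uint256 supply) OwnedConfig(supply) {}

    function setFeePercent(uint256 newFee) external onlyOwner { feePercent = newFee; }
    function setMaxTxAmount(uint256 newMax) external onlyOwner { maxTxAmount = newMax; }
}

// Hardened form: limits are compiled in, so a compromised owner key cannot exceed them,
// and each change emits an event that off-chain monitoring can alert on.
contract BoundedConfig is OwnedConfig {
    uint256 public constant MAX_FEE_PERCENT = 10;      // assumed cap
    uint256 public constant MIN_MAX_TX_DIVISOR = 1000; // assumed floor: 0.1% of supply

    event FeePercentChanged(uint256 oldFee, uint256 newFee);
    event MaxTxAmountChanged(uint256 oldMax, uint256 newMax);

    constructor(uint256 supply) OwnedConfig(supply) {}

    function setFeePercent(uint256 newFee) external onlyOwner {
        require(newFee <= MAX_FEE_PERCENT, "fee above cap");
        emit FeePercentChanged(feePercent, newFee);
        feePercent = newFee;
    }

    function setMaxTxAmount(uint256 newMax) external onlyOwner {
        require(newMax >= totalSupply / MIN_MAX_TX_DIVISOR, "maxTx below floor");
        require(newMax <= totalSupply, "maxTx above supply");
        emit MaxTxAmountChanged(maxTxAmount, newMax);
        maxTxAmount = newMax;
    }
}
```

Bounds of this kind limit what a stolen owner key can do; they do not replace holding the owner role in a multisig or timelock rather than a single EOA.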
