A smart contract audit carried out by HashEx has identified a number of high-risk vulnerabilities in the code of the $3 billion market cap SafeMoon DeFi project. The audit revealed a number of serious drawbacks in the smart contract code that would allow any hackers willing to take advantage of a generous number of loopholes for withdrawing significant amounts of funds from the project’s liquidity pools.
The series of threats facing DeFi protocols continues after the DeFi100 project team was recently accused of fleeing with over $32 million worth of user funds, essentially branding the platform a scam. Such accusations on the market, in conjunction with identified technical shortcomings, are now casting doubt on SafeMoon – a BEP-20 smart contract code DeFi protocol focusing on the redistribution of rewards among its native $SAFEMOON token holders. The token has been growing significantly over the past few weeks and has attained over 15,000% in value growth since launch, allowing the project to overstep the $6 billion market valuation and over $200 million in DEX and swap liquidity.
Over two million users of SafeMoon now face the risk of losing their investments, as twelve vulnerabilities in the project’s code threaten the protocol. Two of the issues identified by HashEx are deemed to be critical and three are high risk grade. More worrying is the fact that four or more of the issues can be used in varying combinations to maximize damages to SafeMoon’s liquidity pools and user balances.
Among the threats faced by users of SafeMoon are possibilities of encountering 100% commissions on $SAFEMOON token transfers, rug-pulling, blacklisting accounts from reward distribution, token transfer blocking, and others. The HackEx team reached out to the developers of SafeMoon, notifying them of the identified vulnerabilities, but the response received was less than encouraging in terms of promises for rectifying the situation.
The threat of rug-pulling that has been considered the most severe for SafeMoon implies that externally owned smart contract accounts can be hijacked and up to 15% of the project’s liquidity, an estimated $20 million, could be lost irreversibly. Apart from rug-pulling, blacklisting poses just as much of a threat to users, making them lose their rightful rewards in case of a platform breach, with up to 30% of balances being redirected to perpetrator accounts. A block of token transfers would ultimately render SafeMoon inoperable for $SAFEMOON token holders, sending their assets to common reward pools for later transfer to the hackers.
Interestingly, crypto analyst and investor Lark Davis previously compared SafeMoon to BitConnect, an investment platform that ended up as the biggest exit scheme in cryptocurrency. "Remember just because you make money off of a ponzi does not change the fact that it is a ponzi”, he tweeted.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.