{"id":258389,"date":"2021-05-25T14:20:35","date_gmt":"2021-05-25T11:20:35","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/critical-20m-safemoon-vulnerability-project-devs-say-no-cause-for-alarm\/"},"modified":"2021-05-25T14:20:35","modified_gmt":"2021-05-25T11:20:35","slug":"critical-20m-safemoon-vulnerability-project-devs-say-no-cause-for-alarm","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/critical-20m-safemoon-vulnerability-project-devs-say-no-cause-for-alarm\/","title":{"rendered":"#Critical $20M SafeMoon vulnerability? Project devs say no cause for alarm"},"content":{"rendered":"<p>&#8220;<strong>#Critical $20M SafeMoon vulnerability? Project devs say no cause for alarm<\/strong>&#8221;<\/p>\n<p style=\"float:right;margin:0 0 10px 15px;width:240px\"><img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMDUvNjNlY2IxZmItZWMyZS00OWQ0LWJiMjktMDdlODdiN2I1OWNkLmpwZw==.jpg\" class=\"type:primaryImage\"><\/p>\n<p>One blockchain security firm says its audit of the SafeMoon smart contract has unearthed a potential $20 million vulnerability within the viral meme coin.<\/p>\n<p>Popular TikTok viral \u201cmeme coin\u201d SafeMoon could be vulnerable to malicious exploits by hackers on account of purported security vulnerabilities in its smart contract code.<\/p>\n<p>According to a smart contract audit by blockchain security firm HashEx, SafeMoon currently has 12 such vulnerabilities, with five classified as ranging between \u201ccritical\u201d and \u201chigh-severity\u201d in nature.<\/p>\n<p>As part of its findings, the HashEx audit alleges that SafeMoon is vulnerable to a \u201cTemporary ownership renounce\u201d attack and a subsequent rug pull to the tune of $20 million. 
According to HashEx, the SafeMoon contract owner is an externally owned account, or EOA, that controls a significant proportion of the coin\u2019s liquidity.<\/p>\n<p>In the event of the EOA being compromised by either internal or external rogue actors, an attacker can drain the liquidity pool. Indeed, the HashEx team alleges that a hacker can temporarily override any attempts by the SafeMoon devs to send the tokens to the burn address.<\/p>\n<p>However, the SafeMoon team has countered HashEx\u2019s findings, telling Cointelegraph that contract ownership is securely held. One SafeMoon developer said that the team was aware of the issue and has policies in place to ensure that the owner wallet is never connected to any third-party decentralized applications.<\/p>\n<p>Apart from the potential for a $20 million rug pull, HashEx also identified a few reportedly problematic contract set functions that can allow an attacker to exclude certain users from receiving rewards or distribute rewards to a specific wallet.<\/p>\n<p>Under normal conditions, each SafeMoon token sale attracts a 10% fee, with half of that sum distributed as rewards for existing holders. However, HashEx alleges that an attacker can set contract functions like fees and maximum transaction amounts to any value and siphon 100% commissions from each sale.<\/p>\n<p>In effect, during a possible attack, a hacker can steal proceeds from each token sale and redirect them to specified wallets. 
Indeed, with all of these alleged vulnerabilities in mind, the blockchain security firm says an attacker can synergize these purported loopholes to launch an elaborate chain attack.<\/p>\n<p>Responding to the HashEx audit, Thomas Smith, chief technology officer at SafeMoon, said that the team was aware of the issues, having already been informed of them by its smart contract auditor Certik.<\/p>\n<p>According to Smith, a hard fork will be required to solve many of the concerns raised by HashEx. Echoing the sentiments shared by the previously quoted SafeMoon dev, Smith stated:<\/p>\n<blockquote><p>\u201cAddressing these other issues, such as ownership renounce being able to be taken back by the contract deployer, we are never going to renounce and have made our stance on that clear in the past. Internally we have policies and procedures around how the contract operates to alleviate risk of mishandling values, however, you will never see us modify fees or maxTx.\u201d<\/p><\/blockquote>\n<p>SafeMoon is currently about 69% down from its April all-time high. Indeed, back in April, Cointelegraph reported that market commentators believed the parabolic price rally of the Binance Smart Chain-based project was unsustainable.<\/p>\n<p>BSC-based projects have increasingly become victims of hacks and exploits as decentralized finance protocols sought to make a home on the Binance\u00a0chain after sustained periods of high transaction cost on the Ethereum\u00a0network.<\/p>\n<p>As previously reported by Cointelegraph, BSC DeFi protocol PancakeBunny recently tanked 96% following a $200 million flash loan attack. 
In April, Uranium Finance \u2014 another BSC-native protocol \u2014 suffered a $50 million malicious exploit.<\/p>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/critical-20m-safemoon-vulnerability-project-devs-say-no-cause-for-alarm\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#Critical $20M SafeMoon vulnerability? Project devs say no cause for alarm&#8221; One blockchain security firm says its audit of the SafeMoon smart contract has unearthed a potential $20 million vulnerability within the viral meme coin. 
Popular TikTok viral \u201cmeme coin\u201d SafeMoon could be vulnerable to malicious exploits by hackers on account of purported security vulnerabilities&#8230;<\/p>\n","protected":false},"author":1,"featured_media":258390,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjEtMDUvNjNlY2IxZmItZWMyZS00OWQ0LWJiMjktMDdlODdiN2I1OWNkLmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-258389","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/258389","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=258389"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/258389\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/258390"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=258389"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=258389"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=258389"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}