The SafeMoon DeFi protocol is the latest project to have vulnerabilities revealed in its smart contract code. A recent audit conducted by analysts from HashEx, a blockchain security consulting firm, has revealed that 12 critical vulnerabilities are placing the funds of over 20 million users and the protocol with over $3.5 billion in market capitalization at risk.
With near-daily reports of scams and fraud on the part of DeFi protocols, market participants should pay heed to the audit reports of various DeFi platforms. The latest smart contract audit of the SafeMoon protocol has revealed that its BEP-20 code supporting the $SAFEMOON token is at serious risk with many loopholes allowing hackers to conduct malignant operations on the platform. Considering that $SAFEMOON has grown by 15,000% since launch and the project reached over $6 billion in market valuation with over 20 million users and $200 million in DEX liquidity, the report casts serious doubt on the operability of the SafeMoon protocol.
The twelve vulnerabilities identified by HashEx are placing the investments of millions of users at risk with several of the issues capable of being used in conjunction to maximize the harm done to user accounts and balances. Two of the issues are considered to be critical, while three are deemed high risk and are a godsend for hackers.
For instance, the hackers can exploit the loopholes to extract 100% commissions on $SAFEMOON token transfers, blacklist users, block user accounts, rug-pull liquidity and much more. Even more frightening is the fact that the SafeMoon development team is aware of the vulnerabilities, as based on the response received by the HashEx team after disclosing the results of the audit.
According to the representatives of HashEx who previously contacted SafeMoon to inform the project team about the vulnerabilities detected, SafeMoon stated that the identified vulnerabilities are not issues at all and can all be updated with a hard fork. The fact that the project has not yet announced any updates or hard forks is a factor that community members should take into account when considering investing with SafeMoon in light of the identified vulnerabilities.
Among the loopholes that have been identified, the risk of rug-pulling stands most acute, as it implies that the hackers can simply divert as much as 15% of the protocol’s liquidity. That would mean the loss of over $20 million in user funds. Other opportunities presented to the hackers include vulnerabilities in the smart contract code that could allow them to blacklist users from receiving rewards, or blocking the transfer of $SAFEMOON tokens, which would render them useless and collapse their value.
The report on the competence of SafeMoon’s smart contract code is a glaring reminder that development quality is lagging far behind speed of deployment in project priority lists. Such a state of affairs should remind all conscientious and investment-conscious market participants that project screening is a must and blind faith in market volumes can and will eventually result in losses, as illustrated by the numerous DeFi project catastrophes over the last year.