{"id":43151,"date":"2021-05-25T16:21:56","date_gmt":"2021-05-25T13:21:56","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=43151"},"modified":"2025-08-31T02:23:14","modified_gmt":"2025-08-30T23:23:14","slug":"analysts-warn-of-safemoon-defi-bugs-enabling-20m-asset-drain","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/analysts-warn-of-safemoon-defi-bugs-enabling-20m-asset-drain\/","title":{"rendered":"Analysts warn of SafeMoon DeFi bugs enabling $20m asset drain"},"content":{"rendered":"

HashEx researchers, during a security audit, \u0432\u044b\u044f\u0432\u0438\u043b\u0438<\/a> 12 vulnerabilities in the SafeMoon DeFi project’s smart contracts. The bugs detected could allow assets worth $20 million to be withdrawn and block transactions, analysts noted.<\/p>\n

SafeMoon runs on Binance Smart Chain. For every transfer, the project charges a 10% fee, half of which is then distributed among token holders. One of SafeMoon’s main ideas is to incentivise users to hold the asset and dampen its volatility.<\/p>\n

The project plans to issue a quadrillion tokens. Currently, according to CoinGecko<\/a>, more than 583 trillion coins are in circulation. Since SafeMoon’s launch in March, its market capitalisation has surpassed $2 billion, and the number of investors has reached 2 million.<\/p>\n

HashEx warned of potential risks for investors. Among the bugs identified by the researchers, two are critical and three pose a high risk.<\/p>\n

According to the analysts, the SafeMoon smart contract is controlled by an external address whose balance stores liquidity pool tokens worth $20 million.<\/p>\n

Earlier, Certik specialists spoke about this. In their audit, the experts identified 13 distinct bugs, but there was no discussion of critical vulnerabilities at the time. SafeMoon has not fixed any of the discovered bugs.<\/p>\n

If the smart contract owner’s address is compromised, there is at any moment a risk of the so-called rug pull, HashEx researchers say. The term denotes the practice of inflating the value of a token in the liquidity pool with a subsequent sharp withdrawal of funds. Subsequently, other pool participants are left with devalued assets.<\/p>\n

SafeMoon said they are aware of the problem, but the team has ‘internal rules and procedures governing the contract’s operation to mitigate risks’.<\/p>\n

HashEx also found that some of the vulnerabilities could leave certain users without rewards or distribute them to a specific wallet.<\/p>\n

HashEx specialists note that attackers could exploit several bugs at once, creating a ‘chain perfectly suited for an attack’.<\/p>\n

In SafeMoon’s response to the HashEx audit, the project said that solving many of the identified problems would require a hard fork.<\/p>\n

Beyond the vulnerabilities, some users have other questions about the project. For example, it is often accused of running a Ponzi scheme<\/a>.<\/p>\n

Barstool Sports founder Dave Portnoy, who invested in SafeMoon, said that ‘this could be a Ponzi scheme.’ He also stressed that ‘nobody has any idea how this works’.<\/p>\n

\n

My shitcoin announcement. Invest at your own risk. I have no idea how this works pic.twitter.com\/G1iW8iZTWG<\/a><\/p>\n

\u2014 Dave Portnoy (@stoolpresidente) May 17, 2021<\/a><\/p><\/blockquote>\n