Blockchain security audit firm HashEx has revealed that SAFEMOON’s smart contract has several critical security flaws. The audit of the SafeMoon smart contract uncovered a potential $20 million vulnerability. However, the SAFEMOON dev team has countered the statement, saying that ownership of the token contract is highly secure.
HashEx found a total of 12 vulnerabilities in SAFEMOON. Two of the issues are considered critical, while three are deemed high risk. The HashEx audit also alleges that SafeMoon is vulnerable to a “Temporary ownership renounce” attack and a subsequent rug pull to the tune of $20 million: the hackers can simply divert as much as 15% of the protocol’s liquidity, which would mean the loss of over $20 million in user funds.
HashEx also reported that the SafeMoon contract owner is an externally owned account (EOA) that controls a significant proportion of the token’s liquidity. If the EOA is compromised, by either internal or external rogue actors, an attacker can drain the liquidity pool and can temporarily override any attempts by the SafeMoon devs to send the tokens to the burn address.
The hackers can also exploit the loopholes to extract 100% commissions on SAFEMOON token transfers, blacklist users, block user accounts, and much more.
SAFEMOON has grown by nearly 15,000% since launch, and the project has reached over $6 billion in market cap with over 20 million users and $200 million in DEX liquidity. The report casts serious doubt on the operability of the SafeMoon protocol.
HashEx representatives informed the SafeMoon dev team about the issues. The SafeMoon dev team stated that the identified vulnerabilities are not issues at all and can all be updated with a hard fork. However, SafeMoon has not yet announced any updates or hard forks, which is causing concern in the community. One should take all these factors into account before even considering investing in SafeMoon in light of the identified vulnerabilities.
SAFEMOON security issues
01 Temporary ownership renounce: Critical severity
02 No safeguards for fees and maxTx: Critical severity
03 excludeFromReward() abuse: High severity
04 excluded length problem: High severity
05 ERC20 standard violation: Medium severity
06 Locked ether: Medium severity
07 addLiquidity() recipient: Medium severity
08 Hardcoded addresses: Medium severity
09 inSwapAndLiquify visibility: Low severity
10 numTokensSellToAddToLiquidity is constant: Low severity
11 Incorrect error message: Low severity
12 General recommendations: Low severity
Read the complete audit report here.
What is SafeMoon?
The SafeMoon cryptocurrency was launched in March 2021 by John Karony, who was an All-Source Analyst for the US Department of Defense; Thomas Smith, who previously served as the CIO of Goldsmith Blockchain Consulting; Jack Haines-Davies, who earlier worked at Likeandshare LTD; and Ben Philips. The SafeMoon token gained over a million holders shortly after its launch.
SafeMoon is an entirely community-driven project. The token's protocol performs three main functions during each trade: Reflection, LP Acquisition, and Burn. This means that the dev team has burned all of its tokens in order to participate alongside everyone else in the community, and every trade contributes towards automatically generating liquidity that goes into multiple pools used by exchanges. SafeMoon holders also earn passive rewards through static reflection as they watch their balance of SafeMoon grow indefinitely.
Due to its slogan “Safely to the moon”, it is often compared with Dogecoin, which has the slogan “To the moon”. However, SafeMoon seems to be a more thoughtful and well-implemented design from multiple angles compared to the meme coin DOGE, which literally serves no purpose and was designed just for fun. SafeMoon’s goal is not just to reach the heights but to do so safely.
SafeMoon solves one major issue that affects the majority of low-value tokens - the valuation bubble that occurs after the burst and the collapse of the price. The platform offers its own solution to avoid the high-APY LP-farming trap that became an issue during the DeFi explosion. SafeMoon’s static rewards feature solves this exact problem.