Developers at DeFi security provider HashEx have identified critical vulnerabilities in the code of the SafeMoon decentralized finance project. The issues are severe enough that the firm is warning users to stay away from the protocol or face the possibility of losing their funds.
The threats were discovered in the BEP-20 smart contract-based DeFi protocol, which charges up to 5% in commission on each on-chain transfer, with the proceeds allotted for redistribution among SAFEMOON token holders, HashEx said.
Since its launch, the token's price has risen by more than 15,000%, exceeding $6 billion in market capitalization, with DEX-swap liquidity of more than $200 million.
12 vulnerabilities found
Notwithstanding the impressive figures, the security provider has identified 12 threats that jeopardize the funds of over 2 million investors, with two of those vulnerabilities classified as “critical” and three as “extremely high-risk.”
HashEx said the security issues enable an attacker to set commissions on SAFEMOON tokens as high as 100% and to initiate malicious activities: excluding holders of the digital asset from commission distribution, blocking transfers temporarily or making smart contracts permanently inoperable.
Compounding the concerns, four of the issues can be combined, exponentially increasing the damage an attacker could inflict.
HashEx said it has already notified SafeMoon of its findings and that the project is already aware of the presence of such vulnerabilities, with the project’s team saying they cannot update the issues “with a deployed contract without a hardfork.”
Such findings and warnings from an established security provider serve as a reminder of the risks that DeFi projects bring into the market. Over the past two years, more than $285 million was stolen in various attacks on numerous DeFi projects.
Image courtesy of Cointelegraph News/YouTube