Audit reveals serious security deficiencies


SafeMoon is one of the most successful memecoins of the first half of the year. But in terms of security, the project has some catching up to do, at least according to the latest smart contract audit.

The memecoin SafeMoon has seen several parabolic rallies and massive price drops since its release. With a marketing-friendly name and a creative token economy, SafeMoon is trying to build on the success of the meme coin Dogecoin, and it has at least partially succeeded. With a market capitalization of around USD 2.6 billion, the altcoin, which was only launched at the beginning of March, ranks 49th among the most highly capitalized crypto networks. Even though SafeMoon has clearly fallen from its record price set on March 11th, the token was trading at USD 0.00001094 at the time of going to press, still almost 10,000 percent above its all-time low of March 14th. A smart contract audit by the DeFi security company HashEx has now identified some serious security deficiencies in SafeMoon's smart contracts.


How safe is SafeMoon?

In its final report on the audit of the SafeMoon smart contracts, HashEx presents a total of twelve vulnerabilities of varying severity. HashEx classifies two of the security holes as “critical”, and two are rated “highly insecure”. The remaining eight vulnerabilities are rated “medium” to “low”. Among other things, the uncovered gaps could allow attackers to set commissions for SAFEMOON tokens at up to 100 percent and to temporarily block token transfers. The latter is possible because the smart contract for the SAFEMOON token is assigned to a single external entity.

At the time of the check, the owner of the token contract is set to an EOA account (external account), which entails high risks for token holders, since an attacker can completely interrupt the token functionality if the owner account is compromised (e.g. by blocking all transfers).

In other words: SafeMoon holders have to blindly trust that the owner of the smart contract is honest and/or that the owner's access to the smart contract is protected from malicious third parties.

HashEx sees another weak point in the “Renounce Ownership” function of the SafeMoon smart contract. The function is usually used by the creator of a smart contract to transfer access to the smart contract to another owner or the community. According to HashEx, with SafeMoon it is not possible to tell whether the owner of the smart contract has given up ownership forever or only temporarily. This creates a backdoor, as a Reddit user had already warned in mid-March.
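A common way to limit what a compromised owner key can do is to hard-code bounds into the owner-only setters. The following Solidity sketch is an added example, not SafeMoon's contract or code from the HashEx report; the contract name, the 10 percent fee cap and the 0.1 percent transaction-limit floor are assumptions chosen for illustration, as is the use of a maximum-transaction limit as the lever that can block transfers.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative sketch only: NOT SafeMoon's contract. All names and limits
// (MAX_FEE_PERCENT, MIN_MAX_TX_DIVISOR) are assumptions made for this example.
contract BoundedOwnerControls {
    address public owner;
    uint256 public immutable totalSupply;
    uint256 public feePercent = 5;  // fee charged on each transfer, in percent
    uint256 public maxTxAmount;     // largest amount allowed in one transfer

    uint256 public constant MAX_FEE_PERCENT = 10;       // assumed hard cap
    uint256 public constant MIN_MAX_TX_DIVISOR = 1000;  // floor: 0.1% of supply

    event FeeChanged(uint256 oldFee, uint256 newFee);
    event MaxTxChanged(uint256 oldMax, uint256 newMax);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(uint256 supply) {
        owner = msg.sender;
        totalSupply = supply;
        maxTxAmount = supply;
    }

    // Risk pattern: assigning newFee without the require lets whoever holds
    // the owner key raise the fee to 100 percent.
    function setFeePercent(uint256 newFee) external onlyOwner {
        require(newFee <= MAX_FEE_PERCENT, "fee above cap");
        emit FeeChanged(feePercent, newFee);
        feePercent = newFee;
    }

    // Risk pattern: without the floor, a limit of zero rejects every transfer.
    function setMaxTxAmount(uint256 newMax) external onlyOwner {
        require(newMax >= totalSupply / MIN_MAX_TX_DIVISOR, "maxTx below floor");
        emit MaxTxChanged(maxTxAmount, newMax);
        maxTxAmount = newMax;
    }

    // Fee a transfer would pay, and whether it passes the current limit.
    function quoteTransfer(uint256 amount) external view returns (uint256 fee, bool allowed) {
        fee = (amount * feePercent) / 100;
        allowed = amount <= maxTxAmount;
    }
}
```

The bounds restrict what any owner can do, but they do not remove the single-key dependency; the emitted events give holders and monitoring tools a way to see parameter changes on-chain.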

CTO asks for a leap of faith

The possibility of a rug pull exists for SafeMoon as long as the funds are largely controlled by a single wallet. SafeMoon CTO Thomas Smith meanwhile asserts that he has no intention of giving up control of the protocol.

“As for the other topics, like the possibility of ownership renounce […], we will never do without and have made our position on this clear in the past. Internally we have policies and procedures on how the contract works to reduce the risk of mishandling of values, but we will never change the fees or maxTx [maximum transactions],” Smith told the crypto blog Bitcoinist. This means that SafeMoon remains a highly centralized project, with all the attendant risks and side effects.