Popular TikTok-viral “meme coin” SafeMoon may be vulnerable to malicious exploits by hackers because of purported security vulnerabilities in its smart contract code.

According to a smart contract audit by blockchain security firm HashEx, SafeMoon currently has 12 such vulnerabilities, with five categorized as ranging between “critical” and “high-severity” in nature.


As part of its findings, the HashEx audit alleges that SafeMoon is vulnerable to a “Temporary ownership renounce” attack and a subsequent rug pull to the tune of $20 million. According to HashEx, the SafeMoon contract owner is an externally owned account, or EOA, that controls a large proportion of the coin’s liquidity.

In the event of the EOA being compromised by either internal or external rogue actors, an attacker can drain the liquidity pool. Indeed, the HashEx team alleges that a hacker can temporarily override any attempts by the SafeMoon devs to send the tokens to the burn address.

However, the SafeMoon team has countered HashEx’s findings, telling Cointelegraph that contract ownership is securely held. One SafeMoon developer said that the team was aware of the issue and has policies in place to ensure that the owner wallet is never connected to any third-party decentralized applications.

Apart from the potential for a $20 million rug pull, HashEx also identified a few reportedly problematic contract setter functions that could allow an attacker to exclude certain users from receiving rewards or distribute rewards to a specific wallet.

Under normal conditions, each SafeMoon token sale attracts a 10% fee, with half of that sum distributed as rewards for existing holders. However, HashEx alleges that an attacker can set contract parameters such as fees and maximum transaction amounts to any value and siphon 100% commissions from each sale.

In effect, during a possible attack, a hacker can steal proceeds from each token sale and redirect them to specified wallets. Indeed, with all of these alleged vulnerabilities in mind, the blockchain security firm says an attacker can combine these purported loopholes to launch an elaborate chain attack.
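The usual mitigation for unbounded fee and maximum-transaction setters is to enforce hard limits inside the contract, so that even a compromised owner key cannot move the values outside a fixed range. The sketch below is an added illustration, not SafeMoon's or HashEx's code: the contract, every function and constant name, and the supply, cap and floor values are assumptions chosen for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; hypothetical contract and names, not SafeMoon's code.
contract BoundedFeeConfig {
    uint256 public constant TOTAL_SUPPLY = 1_000_000 ether;   // constructed value
    uint256 public constant MAX_TOTAL_FEE = 10;               // percent, assumed hard cap
    uint256 public constant MIN_MAX_TX = TOTAL_SUPPLY / 1000; // assumed floor for maxTx

    address public immutable owner;
    uint256 public rewardFee = 5;     // percent of each sale paid to holders
    uint256 public liquidityFee = 5;  // percent of each sale sent to liquidity
    uint256 public maxTxAmount = TOTAL_SUPPLY / 100;

    event FeesChanged(uint256 rewardFee, uint256 liquidityFee);
    event MaxTxChanged(uint256 maxTxAmount);

    modifier onlyOwner() {
        require(msg.sender == owner, "caller is not the owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Weak form: accepts any value, so whoever holds the owner key can
    // raise the combined fee to 100% of every sale. Emits nothing.
    function setFeesUnbounded(uint256 reward, uint256 liquidity) external onlyOwner {
        rewardFee = reward;
        liquidityFee = liquidity;
    }

    // Hardened form: the combined fee can never exceed the compiled-in cap,
    // and every change emits an event that monitoring can alert on.
    function setFees(uint256 reward, uint256 liquidity) external onlyOwner {
        require(reward + liquidity <= MAX_TOTAL_FEE, "total fee above cap");
        rewardFee = reward;
        liquidityFee = liquidity;
        emit FeesChanged(reward, liquidity);
    }

    // Hardened form: maxTx stays within [MIN_MAX_TX, TOTAL_SUPPLY], so it
    // cannot be set low enough to block ordinary transfers.
    function setMaxTxAmount(uint256 amount) external onlyOwner {
        require(amount >= MIN_MAX_TX && amount <= TOTAL_SUPPLY, "maxTx out of range");
        maxTxAmount = amount;
        emit MaxTxChanged(amount);
    }
}
```

Caps of this kind limit what a compromised owner key can change; they do not replace protecting the key itself.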

Responding to the HashEx audit, Thomas Smith, chief technology officer at SafeMoon, said that the team was aware of the issues, having already been informed of them by its smart contract auditor Certik.

According to Smith, a hard fork might be required to resolve many of the concerns raised by HashEx. Echoing the sentiments shared by the previously quoted SafeMoon dev, Smith stated:

“Addressing these other issues, such as ownership renounce being able to be taken back by the contract deployer, we’re never going to renounce and have made our stance on that clear in the past. Internally we have policies and procedures around how the contract operates to alleviate risk of mishandling values, however, you’ll never see us modify fees or maxTx.”

SafeMoon is currently about 69% down from its April all-time high. Indeed, back in April, Cointelegraph reported that market commentators believed the parabolic price rally of the Binance Smart Chain-based project was unsustainable.

BSC-based projects have increasingly become victims of hacks and exploits as decentralized finance protocols sought to make a home on the Binance chain after sustained periods of high transaction costs on the Ethereum network.

As previously reported by Cointelegraph, BSC DeFi protocol PancakeBunny recently tanked 96% following a $200 million flash loan attack. In April, Uranium Finance — another BSC-native protocol — suffered a $50 million malicious exploit.