
ShibaSwap Staking Contract May Have Critical Design Flaw: Ex-Santiment CTO

Tue, 07/06/2021 - 15:50
Vladislav Sopov
Yet another DeFi project may have a backdoor for a potential "rug pull," according to blockchain veteran Valentin Mihov

Valentin Mihov, blockchain developer and former chief technology officer of on-chain data vendor Santiment, disclosed a critical flaw in the staking contract of newly-launched dog-themed exchange ShibaSwap.

A minimum viable rug?

Mihov shared some alarming details about the codebase of ShibaSwap, a novel decentralized exchange focused on the overhyped meme token Shiba Inu (SHIB).

The platform offers up to 5,000 percent in annualized yield to SHIB stakers. Meanwhile, its staking contract is controlled by an externally owned address (EOA), that is, an account governed by a single private key rather than by contract code. Whoever holds that key can therefore drain the entire liquidity of the exchange.

This flaw makes SHIB staking prone to exit scams and manipulations:

All the staked funds can be rugged by the devs at any moment #WarOnRugs

Banteg (@banteg), a core developer of the leading decentralized finance protocol Yearn.Finance (YFI), called this flaw a 'minimum viable ShibaSwap rug', as its multi-million-dollar liquidity can be easily stolen by one account on the Ethereum network.

Here's how the ShibaSwap team mitigates the issue

At 2 p.m. UTC, Banteg reported that he had been contacted by the ShibaSwap team. According to their statement, control of the contract was transferred to a multi-signature account that requires 6 out of 9 private keys to authorize a transaction:

ShibaSwap devs reached out and transferred the owner role to a 6/9 multisig. They also informed they plan to deploy a timelock. The above concern has been addressed.

The team also shared plans to introduce a time lock mechanism, which controls token spending in a predetermined way.

Right now, ShibaSwap is being audited by top-tier blockchain security vendor CertiK.
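
The ownership property discussed above (a single EOA versus a 6-of-9 multisig) can be checked on-chain by reading the owner and testing whether that address has code. The following is an added example, not code from ShibaSwap or this article: it assumes the contract exposes an Ownable-style `owner()` getter and that a multisig owner exposes Safe-style `getThreshold()` and `getOwners()`; the fake RPC and all addresses are constructed so it runs offline.

```python
# Added example: classify who controls a contract's owner role via JSON-RPC.
OWNER_SEL = "0x8da5cb5b"      # owner()        (Ownable-style getter, assumed)
THRESHOLD_SEL = "0xe75235b8"  # getThreshold() (Safe-style multisig, assumed)
OWNERS_SEL = "0xa0e67e2b"     # getOwners()    (Safe-style multisig, assumed)

def _word(hexdata, i):
    """Return the i-th 32-byte ABI word of a 0x-prefixed hex string as int."""
    return int(hexdata[2:][64 * i: 64 * (i + 1)], 16)

def classify_owner(rpc, contract):
    """rpc(method, params) -> hex result string. Returns a dict describing the owner."""
    raw = rpc("eth_call", [{"to": contract, "data": OWNER_SEL}, "latest"])
    owner = "0x" + raw[2:].rjust(64, "0")[-40:]
    code = rpc("eth_getCode", [owner, "latest"])
    # No code, or only an EIP-7702 delegation stub: still one private key.
    if code in ("0x", "") or code.lower().startswith("0xef0100"):
        return {"owner": owner, "kind": "EOA", "single_key": True}
    try:
        m = _word(rpc("eth_call", [{"to": owner, "data": THRESHOLD_SEL}, "latest"]), 0)
        n = _word(rpc("eth_call", [{"to": owner, "data": OWNERS_SEL}, "latest"]), 1)
        return {"owner": owner, "kind": "multisig", "threshold": m, "signers": n,
                "single_key": m <= 1}
    except (ValueError, RuntimeError):
        # Owner is a contract without Safe-style getters; needs manual review.
        return {"owner": owner, "kind": "contract", "single_key": None}

def make_fake_rpc(owner, owner_code, threshold=None, signers=0):
    """Constructed offline stand-in for a node; all values are placeholders."""
    def rpc(method, params):
        if method == "eth_getCode":
            return owner_code
        data = params[0]["data"]
        if data == OWNER_SEL:
            return "0x" + owner[2:].rjust(64, "0")
        if threshold is None:
            raise RuntimeError("execution reverted")
        if data == THRESHOLD_SEL:
            return "0x" + format(threshold, "064x")
        # getOwners(): offset word, length word, then one word per signer
        return "0x" + format(32, "064x") + format(signers, "064x") + "00" * 32 * signers
    return rpc

if __name__ == "__main__":
    OWNER, STAKING = "0x" + "11" * 20, "0x" + "22" * 20  # constructed addresses
    print(classify_owner(make_fake_rpc(OWNER, "0x"), STAKING))
    print(classify_owner(make_fake_rpc(OWNER, "0x6080", 6, 9), STAKING))
```

Against a live node, `rpc` would be a function that posts the same method and params to a JSON-RPC endpoint and returns the `result` field.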

About the author

Blockchain Analyst & Writer with scientific background. 6+ years in IT-analytics, 3+ years in blockchain.

Worked in independent analysis as well as in start-ups (Swap.online, Monoreto, Attic Lab etc.)