MasterChef Mischief: Examining the Rug Pull in Swaprum Protocol

Project name: Swaprum

Project type: Staking

Date of exploit: May 18, 2023

Asset loss: $3,000,000

Vulnerability: Rugpull

Date of audit report publishing: May 5, 2023

Conclusion: Out of Audit Scope

Details of the Exploit

Background

The Swaprum project includes a DEX and MasterChef-like staking contracts. Users can stake LP tokens in the MasterChef contract to earn rewards.

Nature of the Vulnerability

  • The MasterChef-like staking contract is upgradeable.
  • The project owner upgraded the staking implementation contract to a malicious version.
  • In the updated implementation, the malicious function add, which differs from the audited version, moves staked LP tokens and removes liquidity. A newly added function, getToken, is invoked to mint Swaprum tokens for the deployer and sell them for profit.
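A monitoring check for the gap described above, comparing a proxy's current implementation bytecode with the audited build. This is an added example, not code from CertiK or Swaprum; it assumes a solc-style `PUSH4 <selector> EQ` dispatcher, and the bytecode, selectors and function names in it are constructed placeholders.

```python
import hashlib

PUSH1, PUSH4, PUSH32, EQ = 0x60, 0x63, 0x7F, 0x14

def dispatcher_selectors(code: bytes) -> set:
    """Collect selectors from `PUSH4 <sel> EQ` comparisons (assumed solc-style dispatcher)."""
    found, pc = set(), 0
    while pc < len(code):
        op = code[pc]
        if PUSH1 <= op <= PUSH32:
            # PUSHn carries n immediate bytes; skip them so data is never read as opcodes.
            if op == PUSH4 and pc + 5 < len(code) and code[pc + 5] == EQ:
                found.add(code[pc + 1:pc + 5].hex())
            pc += 1 + (op - PUSH1 + 1)
        else:
            pc += 1
    return found

def diff_implementation(audited: bytes, current: bytes) -> dict:
    """Compare a proxy's current implementation code with the audited build."""
    a, c = dispatcher_selectors(audited), dispatcher_selectors(current)
    return {
        # SHA-256 is only a local fingerprint here, not the on-chain keccak256 code hash.
        "code_changed": hashlib.sha256(audited).digest() != hashlib.sha256(current).digest(),
        "added_selectors": sorted(c - a),  # new entry points, like getToken in the report
        "removed_selectors": sorted(a - c),
    }

def dispatch_entry(selector_hex: str) -> bytes:
    # DUP1, PUSH4 <selector>, EQ, PUSH2 0x0040, JUMPI
    return bytes([0x80, PUSH4]) + bytes.fromhex(selector_hex) + bytes([EQ, 0x61, 0x00, 0x40, 0x57])

# Constructed bytecode; the selectors are placeholders, not Swaprum's real ones.
# TRAP is a PUSH32 immediate that merely looks like a dispatcher entry.
TRAP = bytes([PUSH32, PUSH4, 0xDE, 0xAD, 0xBE, 0xEF, EQ]) + bytes(26)
AUDITED = dispatch_entry("aaaaaaaa") + dispatch_entry("bbbbbbbb") + TRAP + bytes([0x00])
# Same two selectors with a different body (the modified add) plus one new selector.
UPGRADED = (dispatch_entry("aaaaaaaa") + dispatch_entry("bbbbbbbb")
            + dispatch_entry("cccccccc") + TRAP + bytes([0xFD]))

if __name__ == "__main__":
    print(diff_implementation(AUDITED, UPGRADED))
```

An unchanged selector set does not mean unchanged behaviour: a rewritten body under an existing selector, as with add here, shows up only in the code fingerprint.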

CertiK Audit Overview

Conclusion

On May 18, 2023, the Swaprum protocol deployer rug pulled by upgrading the “MasterChef” contract to a malicious version, withdrawing a significant quantity of the LP tokens staked inside the contract and minting a large amount of Swaprum tokens to drain the pool.
