Back to all stories
Post Mortem: Safemoon
1/8/2024
Project name: Safemoon
Project type: Token
Date of exploit: Mar 28th, 2023
Asset loss: $8.9M
Vulnerability: Access control
Date of audit report publishing: May 3rd, 2021
Conclusion: Out of Audit Scope
Details of the Exploit
Background
Safemoon is a token project where fees will be taken and added as liquidity in the token transfer process.
Nature of the Vulnerability
- The public burn function allows anyone to burn tokens in any account.
CertiK Audit Overview
Conclusion
On Mar 28th, 2023, the Safemoon token contract was attacked, leading to a loss of $8.9M. The attacker took advantage of the public burn function and drained funds from the LP pool.
The vulnerability lies in the public burn function in the newly upgraded token contract, which CertiK has not audited.
Related Stories
In light of the $2.7 million withdrawal incident from Hector Network's contract, we have gathered all the relevant information and are committed to maintaining transparency with the public.
1/17/2024
On May 5th, 2023, the Fintoch was rugpulled, leading to a loss of ~$31.6M.
1/8/2024
On April 9th, 2023, the RouteProcessor2 in Sushiswap was exploited due to missing validation on the input with processRoute function. The total loss is around $ 3.3 M.
1/8/2024
