Post Mortem: Safemoon

Project name: Safemoon

Project type: Token

Date of exploit: Mar 28th, 2023

Asset loss: $8.9M

Vulnerability: Access control

Date of audit report publishing: May 3rd, 2021

Conclusion: Out of Audit Scope

Details of the Exploit

Background

Safemoon is a token project where fees will be taken and added as liquidity in the token transfer process.

Nature of the Vulnerability

The public burn function allows anyone to burn tokens in any account.

CertiK Audit Overview

Screenshot 2024-01-11 at 8.37.00 PM

Conclusion

On Mar 28th, 2023, the Safemoon token contract was attacked, leading to a loss of $8.9M. The attacker took advantage of the public burn function and drained funds from the LP pool.

The vulnerability lies in the public burn function in the newly upgraded token contract, which CertiK has not audited.

Post Mortem: Hector Network

In light of the $2.7 million withdrawal incident from Hector Network's contract, we have gathered all the relevant information and are committed to maintaining transparency with the public.

2024年1月17日

报告 ·事件分析

Post Mortem: Fintoch

On May 5th, 2023, the Fintoch was rugpulled, leading to a loss of ~$31.6M.

2024年1月8日