03-29-2023, 11:09 AM
Safemoon got exploited because they allowed anyone to burn any tokens in their new c
<!-- SC_OFF --><div class="md"><blockquote> <p>It’s a bit ironic that this explanation came from the former golden boy who the Safemoon community widely lauded, and then he launched his own token and got exploited for $5m. But I guess that gives you experience…</p> <p>Safemoon was just hacked for $8.9M.</p> <p>After two minutes looking at the newest Safemoon contract, I was able to identify the extremely obvious exploit.</p> <p>The attacker took advantage of the public burn() function, this function let any user burn tokens from ANY other address (code attached).</p> <p>The attacker used this function to remove SFM tokens from the Safemoon-WBNB Liquidity Pool, artificially raising the price of SFM.</p> <p>The attacker was then able to sell SFM into this LP at a grossly overpriced rate within the same transaction, wiping out the remaining WBNB in the liquidity pool.</p> <p>This is an extremely elementary exploit that many contracts in the space have been falling victim to. </p> <p>Please do not let any user burn tokens from any address, it is a bad idea. </p> </blockquote> <p>So there it is. This is what happens when you trust kids with zero experience who have a penchant for publishing untested code. Which I have previously warned Safemooners for. Three fucking times.</p> </div><!-- SC_ON --> submitted by <a href="https://www.reddit.com/user/TNGSystems"> /u/TNGSystems </a> <br/> <span><a href="https://www.reddit.com/r/CryptoCurrency/comments/12551fy/safemoon_got_exploited_because_they_allowed/">[link]</a></span> <span><a href="https://www.reddit.com/r/CryptoCurrency/comments/12551fy/safemoon_got_exploited_because_they_allowed/">[comments]</a></span>
<!-- SC_OFF --><div class="md"><blockquote> <p>It’s a bit ironic that this explanation came from the former golden boy who the Safemoon community widely lauded, and then he launched his own token and got exploited for $5m. But I guess that gives you experience…</p> <p>Safemoon was just hacked for $8.9M.</p> <p>After two minutes looking at the newest Safemoon contract, I was able to identify the extremely obvious exploit.</p> <p>The attacker took advantage of the public burn() function, this function let any user burn tokens from ANY other address (code attached).</p> <p>The attacker used this function to remove SFM tokens from the Safemoon-WBNB Liquidity Pool, artificially raising the price of SFM.</p> <p>The attacker was then able to sell SFM into this LP at a grossly overpriced rate within the same transaction, wiping out the remaining WBNB in the liquidity pool.</p> <p>This is an extremely elementary exploit that many contracts in the space have been falling victim to. </p> <p>Please do not let any user burn tokens from any address, it is a bad idea. </p> </blockquote> <p>So there it is. This is what happens when you trust kids with zero experience who have a penchant for publishing untested code. Which I have previously warned Safemooners for. Three fucking times.</p> </div><!-- SC_ON --> submitted by <a href="https://www.reddit.com/user/TNGSystems"> /u/TNGSystems </a> <br/> <span><a href="https://www.reddit.com/r/CryptoCurrency/comments/12551fy/safemoon_got_exploited_because_they_allowed/">[link]</a></span> <span><a href="https://www.reddit.com/r/CryptoCurrency/comments/12551fy/safemoon_got_exploited_because_they_allowed/">[comments]</a></span>