TL;DR#
On March 28, 2023, SafeMoon was exploited due to a smart contract vulnerability, resulting in a loss of approximately $8.65 million.
Introduction to SafeMoon#
SafeMoon is working on building blockchain, NFT, and metaverse products to get more value out of the underlying crypto technology.
Vulnerability Assessment#
The root cause of the vulnerability is due to the presence of a public burn function.
Steps#
Step 1:
The most recent change to the SafeMoon token contract added the burn function, along with four other functions. It was updated yet again to allow anyone to burn tokens instead of the sender.
Step 2:
The attack was initiated by the SafeMoon Deployer. So it is likely that the private keys of their contract deployer were compromised.
Step 3:
We attempted to analyze the attack transaction executed by the exploiter.
Step 4:
The exploiter took advantage of the public burn function, which allows any user to burn tokens from any other address.
function burn(address from, uint256 amount) public {
_tokenTransfer(from, bridgeBurnAddress, amount, 0, false);
}
Step 5:
Thus, the attacker was able to remove SFM tokens from the SafeMoon-WBNB LP, alleviate the price of SFM tokens, and sell them at a grossly overpriced rate within the same transaction, which ultimately wiped out the remaining WBNB in the liquidity pool.
Step 6:
The attack was front-run by a MEV bot, who has since transferred approximately 27,380 $BNB worth $8.65 million to this address.
Step 7:
The exploiter further mentioned that they are waiting for the setup of a secure communication channel to return the funds back to the team.
Aftermath#
After the attack, the team acknowledged its occurrence, indicated that it had an impact on the SFM:BNB LP pool, and assured everyone that their DEX were safe.
They further added that the team had a meeting with their key advisors to come up with a strategy for safeguarding token holders and the community as a whole. The team has patched the vulnerability and is working with a chain forensics consultant to identify the precise nature and scope of the attack after it appears that the vulnerability has been addressed.
Solution#
It is critical to understand that no security measure is perfect, but implementing rigorous security standards can greatly reduce the risk of all such attacks on DeFi protocols. These standards can aid in identifying and addressing potential attack vectors before they are exploited by attackers.
Independent third-party auditors should conduct regular smart contract audits to identify vulnerabilities and recommend mitigation strategies. This can aid in identifying and addressing potential attack vectors before they are exploited by attackers.
It is recommended to use hardware wallets to store private keys offline. Using multi-signature wallets can add an additional layer of security. Cold storage, which involves storing the private keys on a machine that is not connected to the internet, is also recommended, making them less vulnerable to phishing-like attacks.
Additionally, many formal verification tools can also be used to ensure that the smart contract behaves as it is intended to.
We may not have prevented the occurrence of this hack, however the impact or aftermath of this attack could have been significantly reduced if Safe Moon had set up a dedicated cover pool in the Neptune Mutual marketplace. We offer coverage to users who have suffered a loss of funds or digital assets occurring as a result of smart contract vulnerabilities owing to our parametric policies.
Users who purchase the available parametric cover policies do not need to provide loss evidence in order to receive payouts. Payouts can be claimed as soon as an incident is resolved through the incident resolution system. At the moment, our marketplace is available on two popular blockchain networks, Ethereum, and Arbitrum.
Neptune Mutual's security team would also have evaluated the platform for DNS and web-based security, frontend and backend security, intrusion detection and prevention, and other security considerations.
Reference Source BlockSec
