A unit of the cryptocurrency Safemoon (SFM) was once worth the equivalent of 0.72 US cents, says the world’s largest crypto exchange Binance; the price is currently around 0.02 cents (-97%). Manipulating the exchange rate can get big loot. In fact, someone grabbed almost nine million US dollars (about 8.2 million euros); SFM holders can hardly sell their virtual coins at the moment.
Different versions are circulating about the exact course of events. What is clear is that many crypto coins are in the wrong hands. The focus is on a bug in the Safemoon liquidity pool. The liquidity pool is supposed to enable a quick switch from SFM to WBNB and vice versa. WBNB is a variant of the in-house token BNB of the world’s largest crypto exchange Binance. SFM and WBNB are stored in the liquidity pool so that users who want to exchange one cryptocurrency into another do not have to wait for another user who wants to exchange in the opposite direction.
Smart contract is not
Technically, a liquidity pool is a smart contract (an often misleading term). Smart contracts rely on software that automatically responds to certain inputs. The source code can usually be viewed by the participants. By their very nature, once closed, smart contracts are immutable; due to bugs, however, this has led to millions in losses. Therefore, mutable smart contracts are becoming more common, as is the Safemoon liquidity pool.
This contains a function that allows SFM to be deleted, regardless of where they are stored and who they “own”. This “burn” function should actually only be able to use the operating company Safemoon LLC.
However, a bad update of the smart contract meant that anyone could use this feature. Several crypto specialist websites are reporting that an unknown sneaky man took advantage of this. He therefore first bought some SFM, then he (unauthorized) deleted most of the SFM stored in the liquidity pool. This disturbed the balance in the pool, because suddenly there were very few SFM against the saved WBNB. As a result, these SFMs were suddenly worth a multiple of the WBNB as part of the liquidity pool
The next step was then to deposit the previously purchased SFM into the liquidity pool to get all WBNB out. The previously purchased SFM brought in a multiple of WBNB, equivalent to $8.9 million.
The Random Samaritan
The website Decrypt.co points out however, suggest that someone has a Message to Safemoon operators sent: “Hey relax, we are accidently frontrun an attack against you, we would like to return the fund, setup secure communication channel, lets talk”. (e.g. “Relax, we unintentionally thwarted one of your attacks by front running, we would like to return the sum, let’s set up a secure channel, let’s talk”.)
Safemoon is traded on a publicly viewable blockchain; Blockchains are mostly slow, trades take a certain amount of time. If someone pays higher fees (in addition to the 10 percent fee for all Safemoon transactions), their order will be processed first. In technical jargon this is called front running.
The second stranger claims to have unintentionally exploited the smart contract error by placing an order, for which he paid higher fees for the quick processing. The stock of WBNB was thus skimmed off; because the liquidity pool was empty on both sides, the actual perpetrator could no longer withdraw any WBNB.
Safemoon LLC
It is unclear whether this story of the random Samaritan who fell into his lap more than eight million euros, which he would now like to return for a reward to be negotiated, is true. Holders of SFMs cannot currently change them because the liquidity pool is empty. The Safemoon operators are spreading perseverance slogans and apparently hoping that Binance will freeze the withdrawn WBNB and return it to the SFM liquidity pool. Then no reward would be due to the Samaritan, and once again it was proven that “centralized finance” might have advantages over DeFi (decentralized finance).
Critics have been making accusations against the Safemoon operators for some time, ranging from pump-and-dump to pyramid schemes. Last year, aggrieved SFM owners filed two class action lawsuits. One lawsuit has since been put on hold, the other being filed under the name Combs et al. Safemoon LLC et al in the U.S. District Court of Utah (Ref. 2:22-cv-00642).
In addition to its own cryptocurrency, Safemoon LLC offers a password manager and is said to be working on setting up a crypto exchange. There was also talk of a debit card that users could use to spend their SFM coins in regular stores; for this they should pay 2.5 percent fees for each use, which triggered ending enthusiasm.
(ds)
