- Blockchain firm Pera Finance recently uncovered a vulnerability in SafeMoon and more than 100 other projects.
- The projects that forked the Reflect Finance (RFI) gasless holder yield smart contract apparently also forked this critical bug.
- The bug can be exploited by the contract owner and cause the token holders to lose their funds.
Pera Finance recently reported that it had uncovered a critical vulnerability in more than 100 projects, including the viral social media token SafeMoon. These projects forked the gasless holder yield smart contract developed by Reflect Finance and inherited the gasless holder yield bug as well.
We have discovered a bug in the smart contracts of more than 100 projects with the frictionless yield feature. It may cause holders to lose their funds. You can read the details from our latest article https://t.co/2bbx0Y9GxI
— Pera Finance (@PeraFinance) June 1, 2021
According to the Pera Finance team, the bug can potentially be exploited by the contract owner and cause a huge loss of users’ funds.
In a detailed Medium article, the Pera Finance team explained how the bug works and mentioned that by exploiting this bug:
The accounts included by the contract owner siphon off the tokens out of the balances of all accounts that are currently holders.
The team also provided a list of projects that have the same bug in their smart contracts. The list includes SafeMoon, FEG Token BSC, Pig Finance, SafeMoonCash, Kishu Inu, CateCoin, and more.
With more than 3 million token holders at risk, the Pera Finance team published a solution using the PERA Token smart contract as an example. That contract also includes the gasless yield feature, but its integration of the frictionless yield feature already includes code that fixes this vulnerability.
SafeMoon, one of the projects that have the bug, has been very popular since its launch, and various investors are looking to jump in. Many crypto enthusiasts are interested in SafeMoon. However, experts warn users to be very vigilant when investing and to opt for projects with more comprehensive pre-launch vulnerability audits.