Discover more from Verichains
Verichains Weekly Security Digest | May 2023 Week 3
In this week’s digest, Verichains welcomes the opportunity to provide our blockchain audit service to Milady Meme Coin as well as discuss the importance of security precautions when engaging with meme tokens in general.
Meme tokens have been a staple of the crypto community ever since the creation of Dogecoin in 2013. These tokens remain largely as speculative assets driven by the enthusiasm of investors, also known as “hype”. With that being said, they are a rather lucrative vehicle of investment, albeit a risky one, with a market cap of over $17 billion.
The allure of quick riches and the excitement surrounding the next "meme coin" often overshadow the inherent risks involved such as scams, rug pulls, and Ponzi schemes. So naturally, some investors will pay close attention to a token’s fundamentals to ensure the legitimacy of the project they are investing in. As a result, meme projects have obtained security audits from reputable security firms to promote transparency and community trust.
Last week, Verichains provided our blockchain audit service to Milady Meme Coin, a meme token created to pay homage to the Milady Maker NFT collection which had gained recent popularity after being featured on a post by Elon Musk. Our scope was to audit their token API backend and its smart contracts with the source code provided to us.
The scope of Verichains’ audit for Milady Meme Coin includes their API backend and 3 smart contracts based on the source code provided.
During the audit process of their smart contracts, Verichains discovered 3 low vulnerabilities that were acknowledged by the Milady Meme Coin team. You can view our in-depth assessment and recommendations of Milady Meme Coin smart contracts in the public report here.
In the audit of their API backend, Verichains found no vulnerabilities of low, medium, high, or critical severity. However, from our experience in backend security, Verichains also provided a few recommendations to better secure Milady Meme Coin API backend such as designing and implementing a service to monitor the system for abnormal and suspicious behaviors, the use of multi-signature wallets for contract management, and the establishment of protocols for safeguarding sensitive data.
The full report for their API backend is published on our website which you can view in detail here.
Investing In Meme Token
When it comes to meme tokens, investors should exercise caution and due diligence, just as they would with any other investment. This involves a thorough assessment of potential risks and, most importantly, conducting independent research.
While a security audit is an important factor in evaluating a project's legitimacy, it should not be the sole determinant and other aspects should be considered as well. These include examining the project creator, and their track record in the industry, as well as putting the token’s fundamentals into question. By considering these multiple factors, investors can make more informed decisions about the project's credibility and potential for success.
Last Week’s Incidents
💥Type: Reward Calculation Error
💸Loss amount: ~$197,000
Last week, a token called $SNK was hacked for almost $200,000 due to a vulnerability that allowed attackers to exploit the reward system. By staking a small amount in the parent account for a long time and quickly staking a large amount in child accounts using flash loans, they could amplify their rewards. This highlights the need for security audits and testing to prevent such vulnerabilities in smart contracts.
💥Type: Reward Calculation Error and Price Manipulation
💸Loss amount: ~$187,000
A project called SellToken suffered 2 attacks last week which cost them almost $190,000. The first attack occurred due to a flaw in the business logic of the system that allowed a user to manipulate the price in the staking reward contract. By creating a fraudulent price in a pair, an attacker could exchange counterfeit tokens for a valuable token within the staking reward contract.
In the second attack, the SellToken.Router contract provided users with the ability to short tokens. However, there was a vulnerability in the calculation of the token price, which made it susceptible to manipulation. Exploiting this flaw, an attacker utilized a flashloan of a significant amount of BNB to artificially increase the token price. Subsequently, they opened a short Selltoken position and proceeded to sell all the tokens, profiting from the short position. Finally, the attacker closed the position, completing the exploit.
💥Type: Reward Calculation Error
💸Loss amount: ~$152,000
A project called Weecoin was attacked last week for $125,000. The WeebCoin Token includes a feature that permits the burning of WEEB Uniswap Pair balances. Unfortunately, this functionality contains a vulnerability that attackers can exploit to manipulate the pool. The specific issue arises when an attacker deliberately burns the balance of the pair until only one token remains. This action effectively renders the pool defenseless and susceptible to being drained by the attacker.