DeFi Security review: Why ShibaSwap is a ticking time bomb

Decentralized finance (DeFi) protocols have always been risky platforms that attackers have often exploited, resulting in losses of millions of dollars for DeFi traders. Security experts have seen even more danger in ShibaSwap, which launched yesterday and within just 24 hours achieved a total value locked (TVL) of $1 billion.
Various DeFi security audits monitored by Financial Watch suggest liquidity providers may be throwing their money into a burning flame, as they highlight multiple security concerns and a lack of transparency.
Capitalizing on the popularity of their Dogecoin fork, Shiba Inu (SHIB), amid the Elon Musk-stoked dog-token trading frenzy, the coin’s developers launched their DEX with enticing yield incentives for liquidity providers on July 7.
On July 8, platform reviewer DeFi Safety published a report on ShibaSwap, scoring the protocol at just 3%, far below the 70% level the site considers a pass.
Describing the score as “a devastating fail,” DeFi Safety failed ShibaSwap on all but two of its 22 review criteria, with the protocol scoring 30% for the clarity of information provided in its whitepaper.
The review’s author is Rex Hygate, the founder of SecuEth and Caliburn Consulting. He highlighted ShibaSwap’s anonymous team and its lack of transparency and documentation, and pointed to the fact that there is no public software repository, development history, or way to test the code.
On July 7, Solidity developer Joseph Schiarizzi posted an article warning that ShibaSwap’s staking contract had been under the control of just a single address for most of its first day of operation.
While ShibaSwap has since updated the contract to a multi-signature account requiring six of nine Safe Owners to agree on transactions before they can be executed, Schiarizzi warns that each of the addresses may be under the control of a single entity:
“Multiple of these Safe Owners are new accounts with 0 transactions and no ETH, so they are most likely just place holders for the ShibaSwap devs who can agree easily to call any owner only function on the staking contract.”
Schiarizzi emphasized the risks associated with the staking contract’s migrate function being under the control of a single entity, identifying that the contract owners “can simply deploy a new migrator contract which sends themselves all the LP tokens.”
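The owner check Schiarizzi describes can be written down as a short due-diligence script. This is an added example, not code from his article or from ShibaSwap; the owner labels, transaction counts and balances are constructed, and `review_multisig` is a hypothetical helper name.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Owner:
    address: str      # placeholder label, not a real address
    tx_count: int     # outgoing transaction count (account nonce)
    balance_wei: int  # ETH balance in wei

def is_unproven(owner):
    # Heuristic quoted in the article: 0 transactions and no ETH.
    # It shows missing on-chain history, not proof of common control.
    return owner.tx_count == 0 and owner.balance_wei == 0

def review_multisig(owners, threshold):
    if not 1 <= threshold <= len(owners):
        raise ValueError("threshold must be between 1 and the owner count")
    if len({o.address for o in owners}) != len(owners):
        raise ValueError("duplicate owner address")
    unproven = [o.address for o in owners if is_unproven(o)]
    established = len(owners) - len(unproven)
    # Fewest unproven accounts that must approve for any transaction to pass.
    min_unproven = max(0, threshold - established)
    return {
        "unproven": unproven,
        "established": established,
        "min_unproven_signers": min_unproven,
        "quorum_depends_on_unproven": min_unproven > 0,
    }

# Constructed 6-of-9 owner set (values invented for illustration).
SAMPLE_OWNERS = [
    Owner("owner-1", 412, 3 * 10**17),
    Owner("owner-2", 57, 10**16),
    Owner("owner-3", 9, 0),            # has history but no ETH: not flagged
    Owner("owner-4", 0, 5 * 10**15),   # funded but never used: not flagged
    Owner("owner-5", 0, 0),
    Owner("owner-6", 0, 0),
    Owner("owner-7", 0, 0),
    Owner("owner-8", 0, 0),
    Owner("owner-9", 0, 0),
]

if __name__ == "__main__":
    report = review_multisig(SAMPLE_OWNERS, threshold=6)
    for key, value in report.items():
        print(f"{key}: {value}")
```

When `quorum_depends_on_unproven` is true, no transaction can reach the threshold using only accounts that have an on-chain history, which is the situation the quoted warning describes.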
DeFi Watch analyst Chris Blec shared Schiarizzi’s warnings about ShibaSwap’s security risks with his 22,000 followers and highlighted the DeFi Safety review.