DeFi Detective Claims This ‘Suspicious’ Smart Contract Code Could Endanger Dozens of Projects

According to famed decentralized finance (DeFi) detective Zachxbt, 31 non-fungible token (NFT) projects could be at risk due to “suspicious code”. In a lengthy Twitter thread published Tuesday, the DeFi detective first pointed to the launch of the NFT project Thestarlab, which was reportedly compromised for 197,175 Ether (ETH), valued at $580,325 at the time of publication. Zachxbt quoted fellow blockchain researcher MouseDev, who came to the following conclusion after looking at the code behind Thestarlab:

“The smart contract [for this project] can never really be renounced or transferred – just an additional owner. The original provider is always considered the owner. This means that if they still have the developer’s private key, they can retrieve the money even if the owner is the null address.”

MouseDev claimed that when the developers implemented their contract, they stored two variables as owner. “Then they later changed one of them to the null address to appear as if they renounced but kept another unaltered variable,” MouseDev said.

Based on this information, Zachxbt claimed to have discovered 31 NFT projects that all contracted the same Fiverr developer to implement the supposedly problematic smart contract. In addition, the DeFi detective had the following comments:

“Please do the proper due diligence. Always review the contract beforehand, especially if it is outsourced. Fortunately, a few projects have since been able to migrate contracts and cope with the Fiverr developer. After looking internally, a few also found other red flags.”
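
As an added illustration of the review step (not code from Zachxbt, MouseDev or any of the projects mentioned), the following Python heuristic scans Solidity source for the pattern MouseDev describes: two address variables that both pass the ownership check, one of which is never reassigned after deployment. The sample contract, its variable names and the function names are constructed for this example, and the regex-based matching is an assumption that only covers simple, comment-free source.

```python
import re

# Constructed Solidity sample for this example; it is not Thestarlab's source.
SAMPLE = """
contract Sample {
    address public owner;
    address private _deployer;
    constructor() {
        owner = msg.sender;
        _deployer = msg.sender;
    }
    modifier onlyOwner() {
        require(msg.sender == owner || msg.sender == _deployer, "not owner");
        _;
    }
    function renounceOwnership() external onlyOwner { owner = address(0); }
    function withdraw() external onlyOwner {
        payable(msg.sender).transfer(address(this).balance);
    }
}
"""

# State-variable declarations of type address, e.g. "address private _deployer;"
DECL = re.compile(r"^\s*address\s+(?:(?:payable|public|private|internal|immutable)\s+)*(\w+)\s*[=;]", re.M)
# Identifiers compared against msg.sender, i.e. used in an access check
CHECK = re.compile(r"msg\.sender\s*==\s*(\w+)|(\w+)\s*==\s*msg\.sender")

def privileged_addresses(source):
    """Map each address variable used in a msg.sender check to the values assigned to it."""
    names = set(DECL.findall(source)) & {a or b for a, b in CHECK.findall(source)}
    return {
        n: [v.strip() for v in re.findall(rf"\b{re.escape(n)}\s*=(?!=)\s*([^;]+);", source)]
        for n in sorted(names)
    }

def pinned_owners(source):
    """Heuristic: with 2+ privileged addresses, return those assigned at most once.

    Such a variable keeps its deploy-time value after the visible owner is
    set to address(0), so renouncing does not remove that account's access.
    """
    owners = privileged_addresses(source)
    if len(owners) < 2:
        return []
    return [n for n, values in owners.items() if len(values) <= 1]

if __name__ == "__main__":
    print(privileged_addresses(SAMPLE))
    print(pinned_owners(SAMPLE))
```

A hit is a prompt for manual review of every access check in the contract, not proof of intent; a contract with a single owner variable returns an empty list.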

