$95 000 USD

JUNE 2021

GLOBAL

SAFEDOLLAR

DESCRIPTION OF EVENTS

"Stablecoins are a special type of cryptocurrency tokens that are pegged to certain fiat currencies, usually the U.S. dollar. They are designed to always retain the value of their corresponding assets and—in theory—should always be tradeable or redeemable in a one-to-one ratio." "SafeDollar launched its Decentralized Exchange Offering on its partner exchange PolyDEX on Jun. 14."

 

"The Next Generation Algorithmic Stable Coin On Polygon" "Inspired by and improved from all predecessors, we are pleased to present the next generation algorithmic stablecoin on Polygon. SafeDollar will be the first and only algorithmic stablecoin that combines unique features of seigniorage, deflation protocol and synthetic assets." "#SafeDollar [is] Powered by @0xPolygon and supported by @QuickswapDEX."

 

"With its unique tokenomics and combined features, we strongly believe that SafeDollar will redefine the algorithmic stablecoin concept and set a new standard on Polygon landscape." "In SafeDollar’s case, the stablecoin uses a combination of “unique features of seigniorage, deflation protocol and synthetic assets” as its basis."

 

"An attack on June 20 resulted in the loss of 9,959 SDS, the protocol’s share tokens, worth around $95,000 at the time." "The attack happened on Jun-20–2021 06:21:04 PM +UTC." The attacker "withdrew 9,959.26 SDS, then sold for 95,392 USDC after bridging all to Ethereum." "This incident only affects the IDO token sale which is using PolyDEX’s token lock contract."

 

"SafeDollar developers published a “Postmortem Analysis” about an exploit that resulted in the loss of the protocol’s 9,959 SDS tokens—worth around $95,000 at the time."

 

"SafeDollar team will use $100,000 USDC and SDS from Dev fund to provide back 9,959.29 SDS for IDO buyers to claim their SDS." "We will deploy the new contract, and IDO buyers will be able to claim all their remaining SDS at once, without the need of vesting anymore."

SafeDollar was backed by crypto-assets stored in a smart contract hot wallet, which even featured more than one vulnerability. They didn't see the value in an audit or bug bounty program.

 

Rather, their approach was to wait until the wallet was drained before coming up with a plan to reimburse investors from the dev fund.

HOW COULD THIS HAVE BEEN PREVENTED?

The project stored all of the assets in a smart contract hot wallet. If most assets had instead been stored in an offline multi-sig, the attack would have resulted in significantly less impact.

 

Other steps the team could have taken would include a smart contract audit or a bug bounty program.

 

Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.