$250 000 USD

JUNE 2021

GLOBAL

SAFEDOLLAR

DESCRIPTION OF EVENTS

"Stablecoins are a special type of cryptocurrency tokens that are pegged to certain fiat currencies, usually the U.S. dollar. They are designed to always retain the value of their corresponding assets and—in theory—should always be tradeable or redeemable in a one-to-one ratio." "SafeDollar launched its Decentralized Exchange Offering on its partner exchange PolyDEX on Jun. 14."

 

"The Next Generation Algorithmic Stable Coin On Polygon" "Inspired by and improved from all predecessors, we are pleased to present the next generation algorithmic stablecoin on Polygon. SafeDollar will be the first and only algorithmic stablecoin that combines unique features of seigniorage, deflation protocol and synthetic assets." "#SafeDollar [is] Powered by @0xPolygon and supported by @QuickswapDEX."

 

"With its unique tokenomics and combined features, we strongly believe that SafeDollar will redefine the algorithmic stablecoin concept and set a new standard on Polygon landscape." "In SafeDollar’s case, the stablecoin uses a combination of “unique features of seigniorage, deflation protocol and synthetic assets” as its basis."

 

The contract was not audited. "Your dollars are not safe and they never were. Just $248k taken from a protocol that was called "SafeDollar.""

 

"SafeDollar, a decentralized finance (DeFi) stablecoin that is based on the Polygon blockchain, has been hit by an cyberattack, according a statement on its Telegram channel." "At around 3:48 AM UTC on Jun 28, a hacker managed to mint a huge amount of SDO (an algo stablecoin on Polygon) and dumped them into the market." "SafeDollar reward logic vulnerability was exploited which resulted in the theft of $250K." "[T]he attack took place on Ethereum’s layer 2 network called Polygon (previously Matic)."

 

"In th[eir first] transaction, the hacker deposited and withdrawal ~2.3M PLX token 101 times, get a lesser amount each time because of the transfer tax of PLX, ended up getting only 2M PLX at the last time." "The hacker then sent the second transaction to claim the reward and got 831,309,277,244,108,000 SDO as the reward." "As the 101 times of deposit and withdrawal drained the balance of PLX to near zero, the accSdoPerShare skyrocketed (to 1142913215739484400 per PLX in case you would like to find out the exact number)." "As a result, the hacker [took] out 202k USDC and 46k USDT." "The protocol itself is working fine. Only the PLX version 1 pool had an issue and caused the exploit."

 

"The value of SafeDollar has dropped to $0, according to the protocol's website." "The price of SafeDollar (SDO), an algorithmic decentralized finance (DeFi) stablecoin based on the Polygon (MATIC) blockchain, has plummeted to literally zero."

 

“SafeDollar has been under attack. We have paused activities on SafeDollar and investigating the matter. IMPORTANT: PLEASE STOP ALL TRADING RELATED TO $SDO. We will announce the post-mortem after the investigation done with compensation plan for Liquidity Providers,” said the announcement. "We are finalizing and will announce the Compensation and move Forward Plan in a separate article."

 

"First of all, SafeDollar team would like to express our sincere apology for the exploits that happened last 1 week. In fact, both of the exploit related PLX token (PLX version 1) only while the protocol is working fine. We still have a strong belief in our protocol and the technology." "Moreover, we still owe the investors who bought the IDO as well as the Liquidity Providers, who lost their funds due to the exploit." "We would like to re-launch SDO v2 and allow the migration from SDO v1 based on the snapshot before the incident."

 

"For Liquidity Providers of SDO/USDC and SDO/USDT pools, there are 2 parts to be compensated, SDO and USDC/USDT. SDO will be snapshot and LP will be able to claim equivalent SDOv2. For the USDC/USDT part, LP will be able to claim the equivalent SafeUSDC. The compensation claiming will be vesting in 4 weeks." "SDO holders will be able to claim equivalent SDOv2 vesting 4 weeks based on the snapshot before the exploit happened."

 

"After unexpected events, we are back with continuous efforts for new products as well as fulfilling our commitments to investors." "We are proud to announce that SafeDollar still stay strong and continue its path with a very new product, SafeAssets." "SafeAssets will use ChainLink service for price feed." "SafeDollar has taken the first step in its journey - 1M TVL has reached!"

SafeDollar was backed by crypto-assets stored in a smart contract hot wallet, which even featured more than one vulnerability. They didn't see the value in an audit or bug bounty program.

 

Rather, their approach was to wait until the wallet was drained before coming up with a plan to reimburse investors using a new service they're offering called SafeAssets.

HOW COULD THIS HAVE BEEN PREVENTED?

The project stored all of the assets in a smart contract hot wallet. If most assets had instead been stored in an offline multi-sig, the attack would have resulted in significantly less impact.

 

Other steps the team could have taken would include a smart contract audit or a bug bounty program.

 

Check Our Framework For Safe Secure Exchange Platforms

No Title (Jul 24)
Safedollar Exploit Root Cause Analysis (Jul 24)
SafeDollar Post-Mortem Analysis. Summary | by Safe Dollar | Medium (Jul 24)
Rekt - SafeDollar - REKT (Jul 30)
blocksec-incidents/2021.md at main · openblocksec/blocksec-incidents · GitHub (Aug 11)
security/2021-06-28-SafeDollar.md at master · OriginProtocol/security · GitHub (Aug 11)
@Mudit__Gupta Twitter (Aug 11)
@peckshield Twitter (Aug 11)
SafeDollar Protocol (Aug 22)
Safedollar The Next Generation Algo Stablecoin On Polygon (Aug 22)
SafeDollar - SafeDollar (Aug 22)
Stablecoin SafeDollar Hit by Cyberattack (Aug 22)
Polygon Transaction Hash (Txhash) Details | PolygonScan (Aug 28)
Polygon Transaction Hash (Txhash) Details | PolygonScan (Aug 28)
SafeDollar ‘stablecoin’ drops to $0 following DeFi exploit on Polygon | Hacker News (Aug 28)
SafeDollar 'Stablecoin' Drops To $0 Following $248,000 DeFi Exploit On Polygon - Slashdot (Aug 28)
@defiprime Twitter (Aug 28)
SafeDollar ‘stablecoin’ drops to $0 following $248,000 DeFi exploit on Polygon (Aug 28)
@safedollarfi Twitter (Aug 28)
@safedollarfi Twitter (Aug 28)
@safedollarfi Twitter (Aug 28)
@safedollarfi Twitter (Aug 28)
Safedollar Compensation And Move Forward Plan (Aug 28)
@safedollarfi Twitter (Aug 28)
Address 0xfedc2487ed4bb740a268c565dacdd39c17be7ebd | PolygonScan (Aug 28)
SafeDollar ‘stablecoin’ drops to $0 following $248 million DeFi exploit on Polygon : CryptoCurrency (Aug 28)
SafeDollar Stablecoin not Safe nor Stable: Hack Sends Value to ZERO - Security Boulevard (Aug 28)
Polygon Project SafeDollar Crashes to Zero After Attack | Crypto Briefing (Aug 28)

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.