$111 000 USD

JULY 2021

GLOBAL

SANSHU INU

DESCRIPTION OF EVENTS

Sanshu Inu is "[a] community-focused decentralized transaction network. SANSHU is fully decentralized, and all decisions are made by the community." "Sanshu is fully decentralized, had a fair launch and an exciting roadmap."

 

"We are a part of the newly emerging Inu family! Thanks to the massive success of DOGE, several new spiritual successors have been released with inspiration from the classic memecoin itself! SANSHU is one of the newest of the bunch, and we have lots of unique features to offer!"

 

"A fully deflationary token that burns and redistributes tokens on every single transaction. $SANSHU’s deflationary mechanisms include a burn and redistribution system. 1% of each transaction is burned, and 1% is distributed as rewards to holders."

 

"We burnt 58%+ of the total token supply. Check for yourself on Etherscan. Don't trust, verify! You get what you deserve. 1% of each transaction is redistributed among the holders. We have made a fair launch and there are no team tokens. Luckily, no manipulation, no whales. Just the sound of a growing community. We aim to include the community in order to make decisions for all. If the community has a benefit, we're happy. Together we grow. Undoubtedly, we have a straight and delicious roadmap. While achieving those goals, we stay flexible and adapt to community suggestions."

 

“Currently, Sanshu Inu is a very small souvenir in relation to many other cryptos out there today. However, investors intrigued by the growth potential of such crypto options have perpetuated to pile into these names of late.”

 

"Here is a high quality crypto gem: Sanshu Inu which has just 400 holders at the moment. Very low Mktcap and should be skyrocket soon. Great roadmap!!!!!"

 

The "Smart Contracts [were] fully audited by techrate.org" in April 2021.

 

"On July 21st, [BlockSecTeam] reported a couple of suspicious transactions. After manual analysis, [they] confirm[ed] that th[o]se transactions are attacks to Sanshu Inu. Specifically, the Memstake contract of Sanshu Inu was attacked by abusing the deflation mechanism."

 

"Hello SANSHU ARMY, Yesterday evening around 8PM UTC DOGPARK has been attacked by what we believe has been a Reentrancy Attack." "All pending and future farming & staking rewards were drained from the DogPark MemeStake Contract and sold onto the open market by the attacker. All Keanu staked on the DogPark was exposed to this vulnerability, and this prevented Community Members from unstaking their tokens."

 

"Using the mechanism of deflation token KEANU to attack the reward vulnerabilities in the Memestake contract deployed by Sanshu Inu, the attacker finally made a profit of about 56 ETH."

 

"Step 1 (preparation): The attacker creates two attack contracts. The first one deposits 2,049B KEANU. The second one is the attack contract.

Step 2 (manipulation): The attacker first borrows a large number of KEANU tokens using the flash loan (Towards A First Step to Understand Flash Loan and Its Applications in DeFi Ecosystem (SBC 2021)) from uniswapV2, and then deposits the tokens into/withdraws from the Memestake using the second smart contract created in step 1. Since the KEANU has the deflation mechanism, which burns 2% tokens for each transaction, the real number of tokens deposited into the Memestake is smaller than the value (user.amount) maintained by the Memestake contract. The attacker repeats this process and makes the number of KEANU tokens inside the Memestake decrease to a small one (1e-07). See the transaction 0x00ed and the following figure.

Step 3 (making profit): The attacker invokes the Memestake.updatePool() to update the accMfundPerShare. This value relies on the number of KEANU tokens (which was manipulated in the second step). Then the attacker obtains a large number of Mfund (~61M). See the transaction 0xa945 for more details.

Step 4 (swapping to WETH): The attacker swaps the MFund and KEANU to WETH and launders the money through Tornado.Cash. The attacker gained 55.9484578158357 ETH as profits."

 

"The attack consists of four steps. The critical one is the second step, which leverages the deflation mechanism of the ERC20 token to manipulate the reward calculation of the Memstake smart contract."
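
The accounting gap behind step 2, as an added example that is not code from Sanshu Inu, BlockSec or this page: a simplified Python model of a staking pool that credits the nominal deposit (as the write-up describes for user.amount) beside a variant that credits only the tokens actually received. The class names, balances, cycle count and reward size are constructed for illustration; only the 2% burn comes from the write-up.

```python
from fractions import Fraction

BURN = Fraction(2, 100)  # KEANU burns 2% of every transfer (figure from the write-up)

class Token:
    """Constructed fee-on-transfer token: the recipient gets amount minus the burn."""
    def __init__(self, balances):
        self.bal = dict(balances)

    def transfer(self, src, dst, amount):
        assert self.bal.get(src, 0) >= amount, "insufficient balance"
        self.bal[src] -= amount
        self.bal[dst] = self.bal.get(dst, 0) + amount * (1 - BURN)

class Pool:
    """Simplified staking pool; measure_received=True is the hardened variant."""
    def __init__(self, token, measure_received):
        self.token, self.measure_received = token, measure_received
        self.credited = {}              # user.amount in the write-up
        self.acc_per_share = Fraction(0)

    def deposit(self, user, amount):
        before = self.token.bal.get("pool", 0)
        self.token.transfer(user, "pool", amount)
        received = self.token.bal["pool"] - before
        credit = received if self.measure_received else amount
        self.credited[user] = self.credited.get(user, 0) + credit

    def withdraw(self, user, amount):
        assert self.credited[user] >= amount, "over-withdraw"
        self.credited[user] -= amount
        self.token.transfer("pool", user, amount)

    def update_pool(self, reward):
        # Reward per share is divided by the pool's live token balance.
        self.acc_per_share += Fraction(reward) / self.token.bal["pool"]

def simulate(measure_received, cycles=3, reward=1000):
    token = Token({"honest": 1000, "cycler": 10000})  # constructed balances
    pool = Pool(token, measure_received)
    pool.deposit("honest", 1000)
    for _ in range(cycles):             # deposit everything, withdraw the full credit
        pool.deposit("cycler", token.bal["cycler"])
        pool.withdraw("cycler", pool.credited["cycler"])
    pool.update_pool(reward)
    owed = sum(pool.credited.values()) * pool.acc_per_share
    return token.bal["pool"], sum(pool.credited.values()), owed

if __name__ == "__main__":
    for mode in (False, True):
        print("measure_received =", mode, [float(x) for x in simulate(mode)])
```

With nominal crediting the pool's balance falls below what it has credited to stakers, so the rewards owed exceed the reward emitted; crediting the measured balance delta keeps balance and credits equal, which is the invariant an audit or monitor can check.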

 

"Farming & Staking has ended. No pending rewards are left to harvest. Distribution of MFUND has ended. 100M supply is now in circulation."

 

The "DEV Team is now looking into the next steps for MFUND rebase, due to this attack we might change a few things, but will be going forward as planned! We [a]ppreciate the trust the [c]ommunity has in the [t]eam and we will do everything in our power to restore things back to normal."

 

"Version 1.0 is scheduled for release soon, with a new smart contract developed from scratch! As well as a new Auditor that’s more trusted. The new reward token that will replace MFUND is our new governance token and you can use both MFUND & SANSHU to provide liquidity."

 

"The MemeStake Contract currently doesn’t contain any MFUND Tokens; this causes the issuance mechanism to fail. Because of this, rewards you are seeing on DOGPARK are incorrect. If you were to withdraw yourself you would be withdrawn a zero, wasting your ETH on gas."

 

"We are currently working with a top Oracle provider to initiate the rebase which will be calculated from the total market cap of BTC, ADA, ETH & DOGE."

 

"At Sanshu, security for our community members is of the utmost importance. This is why we partnered with Solidity Finance to conduct a simulation of hundreds of thousands of interactions with our Smart Contract to determine if any security vulnerabilities existed. Solidity Finance’s audit results assured us that our smart contracts had passed the security test and so our Dev Team is now investigating how this attack could possibly have happened, since we had successfully passed a security audit."

 

"Our Main DEV SanshuBro will be compensating all who were affected by the exploit within the next 1–2 weeks." "SanshuBro will send the compensation based on the google form and send them the money by ERC20. Moreover, SanshuBro will cover the gas fees for sending these funds, just to show you how sorry the team is for this inconvenience."

Sanshu Inu is a deflationary token exchangeable via a smart contract, which features a hot wallet liquidity pool. Although a security audit had been performed, there was still an error in the implementation of this pool which allowed an attacker to drain all the funds.

 

One of the lead developers intends to make all affected users whole again.

HOW COULD THIS HAVE BEEN PREVENTED?

While the smart contract security could be improved through additional audits and by offering bug bounties, this is yet another example showing that smart contract hot wallets may still contain vulnerabilities. It is not possible to prove that a sufficiently complex smart contract is completely secure.

 

Storing the majority of funds in offline multi-signature storage is the best practice. The industry may also grow to develop a working smart contract insurance model. A project should generally be prepared for the full loss of anything stored in a smart contract hot wallet.

 


© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.