paint-brush
Rug-Pull: How to Spot the Fraud Easily via Smart Contract Codesby@talktomaruf
4,661 reads
4,661 reads

Rug-Pull: How to Spot the Fraud Easily via Smart Contract Codes

by Abubakar MarufApril 19th, 2022
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

Rug pulls are a lucrative fraud in which developers create new crypto tokens and market them to investors to increase their value and overall liquidity. They then drain the funding pool and crash the token's value to zero before disappearing into thin air and vanishing with the cash. Rug pulls were responsible for more than US$2.8 billion in unlawful activities in 2021, close to an all-time high and up 81 percent from 2020, according to the blockchain data tracker system, Chainalaysis. Smart contracts codes are the backbone that pillared crypto projects: crypto, DeFi, dApps, or NFT. Knowing how to read smart contracts is a must-have skill for anyone interested in investing in crypto projects.

Companies Mentioned

Mention Thumbnail
Mention Thumbnail

Coin Mentioned

Mention Thumbnail
featured image - Rug-Pull: How to Spot the Fraud Easily via Smart Contract Codes
Abubakar Maruf HackerNoon profile picture

Rug pulls are a lucrative fraud in which developers create new crypto tokens and market them to investors to increase their value and overall liquidity. They then drain the funding pool and crash the token's value to zero before finally disappearing into thin air and vanishing with the cash. Rug-pull scams were responsible for more than US$2.8 billion in unlawful activities in 2021, close to an all-time high and up 81 percent from 2020, according to the Blockchain data tracker system, Chainalaysis.


The SQUID token, for example, reached a peak value of $2,850 and then dropped by over 99.99% as the developers yanked the rug out, thus rendering it useless while garnering the developers millions of dollars.


How was this done? The developers manipulated and locked the smart contract code to prevent investors from swapping or selling their tokens after they peaked for profit.


In Cryptoverse, smart contracts codes are the backbone that pillared crypto projects: crypto, DeFi, dApps, or NFT. These codes are automated, self-executing digital agreements and strings of codes that are chiefly written in solidity or other programming languages. It allows users to interact seamlessly with other users and platforms remotely by disintermediating the middle man or centralized institutions.


We often hear DYOR (Do your own Research) on any crypto project before investing a dime in it. Nevertheless, contrary to the advice of many that the first step to DYOR is to have a look at the whitepaper, reading the smart contract codes is the first step to DYOR. The whitepaper, if handled by a professional or a wordsmith skilled with words, may cart away your attention and lure you into investing without having a second thought.


The inability to read smart contracts is a common vector for scams; thus knowing how to read them is a must-have skill for anyone interested in investing in crypto projects. Because smart contracts are so important in the ecosystem, knowing how to understand its data is a must-have ability for anyone who uses it.


Why understanding Smart contracts is key to security?


According to Ledger, This tweet from thomas.eg February 13, 2022, provides a great example of why being able to read a smart contract is essential. Here, two scammers imitated the founders of a popular Solana-based game called Space Falcon and gifted the victim two NFTs that he could stake to earn rewards.


The only catch was, it wasn't the actual Space Falcon, and the smart contract in question would actually allow the scammers to drain 100% of the wallet's funds once the wallet owner approved the transaction. Luckily, the prospect here conducted due diligence and read the smart contract (thanks to transparency!) to realize that it was in fact a "scam contract". You can think of smart contracts as the Ts and Cs of crypto transactions. They go beyond the hype and FOMO to give you precise details about exactly what a project is, who owns it and what you're agreeing to.


And you don't need to be a coder or take up some long hours of Solidity courses to understand how to read smart contracts of most of these crypto projects. Take a time to read the tweet if you are yet to do so.


Before you invest your money in any crypto project, take the time to examine the project's smart contract code. How do you go about it?


A conventional rug-pull project will almost certainly include this in its smart contract code:


function migrate() public{
    require(msg.sender == ceoAddress, "unauthorized");
    ceoAddress.transfer(address(this).balance);
}


Watch out for these below red flags: From above, this Function allows ceoAddress (the contract owner) to move funds from the contract to his address.


  • Nevertheless, it doesn't have to be called "function migrate"; they may title it anything they want, but what matters is what's within the Function! Observe clearly!

It's most likely a rug-pull if the function, when called, allows the contract owner, or any specific address, to move all of the funds out of the contract.


  • If the caller is "ceoAddress," the entire contract balance is transferred to "ceoAddress." Because "ceoAddress" is the person who started the project, this is exactly how that person would pull the rug. Also, take note that it doesn't have to be called "ceoAddress". Cybercriminals or the developers of the scam project can call it whatever they like.


  • Another important factor you should not get deceived with is the "verified" contract status. A contract that has been "verified" is not the same as one that has been audited! Don't be deceived. "Verified" implies that the deployed contract's JSON output matches the contract's ABI on the blockchain! In a nutshell, this does not mean that the contract is secure!!!


  • Auditing usually means that a third-party respected entity has spent time and effort to ensure that the contract is bug-free and contains no hidden codes. Even if the contract has been "audited," it's a good idea to double-check the legitimacy of the "auditing" organization.


On a final note, there are numerous different ways to modify smart contract code by developers to perform a rug pull on innocent investors. However, this is the most apparent and most commonly used method. This guide should assist you in avoiding blatant day scams going on every day in the crypto world.


Stay Safe and Stay protected.


Happy Reading!