Rug pulls are a lucrative fraud in which developers create new crypto tokens and market them to investors to increase their value and overall liquidity. They then drain the funding pool and crash the token's value to zero before finally disappearing into thin air and vanishing with the cash. Rug-pull scams were responsible for more than US$2.8 billion in unlawful activities in 2021, close to an all-time high and up 81 percent from 2020, according to the Blockchain data tracker system, Chainalaysis.
The SQUID token, for example, reached a peak value of $2,850 and then dropped by over 99.99% as the developers yanked the rug out, thus rendering it useless while garnering the developers millions of dollars.
How was this done? The developers manipulated and locked the smart contract code to prevent investors from swapping or selling their tokens after they peaked for profit.
In Cryptoverse, smart contracts codes are the backbone that pillared crypto projects: crypto, DeFi, dApps, or NFT. These codes are automated, self-executing digital agreements and strings of codes that are chiefly written in solidity or other programming languages. It allows users to interact seamlessly with other users and platforms remotely by disintermediating the middle man or centralized institutions.
We often hear DYOR (Do your own Research) on any crypto project before investing a dime in it. Nevertheless, contrary to the advice of many that the first step to DYOR is to have a look at the whitepaper, reading the smart contract codes is the first step to DYOR. The whitepaper, if handled by a professional or a wordsmith skilled with words, may cart away your attention and lure you into investing without having a second thought.
The inability to read smart contracts is a common vector for scams; thus knowing how to read them is a must-have skill for anyone interested in investing in crypto projects. Because smart contracts are so important in the ecosystem, knowing how to understand its data is a must-have ability for anyone who uses it.
Why understanding Smart contracts is key to security?
According to Ledger, This tweet from thomas.eg February 13, 2022, provides a great example of why being able to read a smart contract is essential. Here, two scammers imitated the founders of a popular Solana-based game called Space Falcon and gifted the victim two NFTs that he could stake to earn rewards.
The only catch was, it wasn't the actual Space Falcon, and the smart contract in question would actually allow the scammers to drain 100% of the wallet's funds once the wallet owner approved the transaction. Luckily, the prospect here conducted due diligence and read the smart contract (thanks to transparency!) to realize that it was in fact a "scam contract". You can think of smart contracts as the Ts and Cs of crypto transactions. They go beyond the hype and FOMO to give you precise details about exactly what a project is, who owns it and what you're agreeing to.
And you don't need to be a coder or take up some long hours of Solidity courses to understand how to read smart contracts of most of these crypto projects. Take a time to read the tweet if you are yet to do so.
Before you invest your money in any crypto project, take the time to examine the project's smart contract code. How do you go about it?
A conventional rug-pull project will almost certainly include this in its smart contract code:
function migrate() public{
require(msg.sender == ceoAddress, "unauthorized");
ceoAddress.transfer(address(this).balance);
}
Watch out for these below red flags: From above, this Function allows ceoAddress
(the contract owner) to move funds from the contract to his address.
function migrate
"; they may title it anything they want, but what matters is what's within the Function
! Observe clearly!It's most likely a rug-pull if the function
, when called, allows the contract owner, or any specific address, to move all of the funds out of the contract.
ceoAddress
," the entire contract balance is transferred to "ceoAddress.
" Because "ceoAddress
" is the person who started the project, this is exactly how that person would pull the rug. Also, take note that it doesn't have to be called "ceoAddress
". Cybercriminals or the developers of the scam project can call it whatever they like.
verified
" contract status. A contract that has been "verified
" is not the same as one that has been audited! Don't be deceived. "Verified
" implies that the deployed contract's JSON
output matches the contract's ABI on the blockchain! In a nutshell, this does not mean that the contract is secure!!!
On a final note, there are numerous different ways to modify smart contract code by developers to perform a rug pull on innocent investors. However, this is the most apparent and most commonly used method. This guide should assist you in avoiding blatant day scams going on every day in the crypto world.
Stay Safe and Stay protected.
Happy Reading!