ShadowFI Pools Run Dry
In today's edition of YIYL (You Invest, You Lose), we go back to another failed attempt at creating value out of thin air and ending up enriching one person at the expense of others, Defis killer app working as it should, and another example of a long list of them, that people fail to learn from, and are doomed to repeat over again until they are broke.
The latest lesson comes from the dumpster fire copycat known as BSC, where scams and failed projects have been able to run cheaper than they otherwise would have as is the case with ShadowFI.
ShadowFi is a LARP project trying to jump on the tornado cash privacy issue and claims that it offers protection of personally identifiable information from corporate and global financial entities. Apparently, they will allow you to frictionlessly, at over 40 million retailers, both online and in person.
How the fuck do you do that when you're using a turing complete chain that re-uses addresses and uses an account balance system?
You tards!
A dark day for shadowFi
Anyway, as the project was doomed to fail, I guess it's a good thing, that it got canned so early on. So let's look at how it all went down.
As is the case with these DEFI projects, they need to set up a liquidity pool and offer a yield to seed the pool, but their pool had something special for some users.
An observant user of ShadowFi followed all the rules of the smart contract and discovered that anyone could call the burn function on the liquidity pool contract for the ShadowFi project.
They use then called the function and were able to exploit this vulnerability by calling the burn function and then taking advantage of the price difference (based on the new circulating supply) to remove all 1078 BNB (~$298,000) in the project's liquidity pool.
The capital that was removed was pretty fresh as the project had only just launched that same day, after running a presale of their SDF tokens.
If you don't get what I mean here is a simple example there is x amount of coins in SDF side of the pool, the user then used a command to burn most of those coins around 10.3 million, then re-synced the price
the new price was now 8.4 SFD to 1078 BNB, the user sold that 8.4 SDF and trained the pool for BNB. The user then sent the 1078 BNB (~$298.2K) TornadoCash and that's the end of that.
The project promised to allow people to "Take your spending away from the floodlights of surveillance capitalism" and apparently involves sending people prepaid Visa cards to help them cash out their cryptocurrency without connecting a bank account or providing KYC information.
Well, to be fair they did honour some part of their claim, they clearly took your spending away.
https://twitter.com/CertiKAlert/status/1565549825889914881
Rugged from the shadows
I sure do love a good rug pull with my DEFI and shadowFi didn't disappoint, at least they are not taking too long with the projects these days and killing them off early before they can do any real harm. As for those who invested their BNB, you're better off without that shitcoin in any case, tough titties, enjoy the valuable lesson, and stop doing dumb shit.
Every time I see a fail like this, I am reminded how hodling bitcoin in cold storage just constantly continues to outperform shitcoiners by massive factors
Image source:
Have your say
What do you good people of HIVE think?
So have at it my Jessies! If you don't have something to comment, "I am a Jessie."
Let's connect
If you liked this post, sprinkle it with an upvote or esteem and if you don't already, consider following me @chekohler and subscribe to my fanbase
Earn Free bitcoin & shop | Earn Free Bitcoin & shop | Claim Free Bitcoin & Shop |
---|---|---|
Posted Using LeoFinance Beta
“ How the fuck do you do that when you're using a turing complete chain that re-uses addresses and uses an account balance system?“
This says it all frankly
I mean who supports this crap? Insane anyone thinks these projects are anything that can last.
I think it's all about story telling, not about actually looking at how to solve problems. if someone can explain to me how you add privacy in a system like that, I am happy to listen but it was never a priority, the priority was token creation