It’s Time to Talk Security
Note: this article is not investment advice. Do your own research, and never invest more than you can afford in any project!
We’ve stated our opinion about Safe Moon’s vulnerabilities in Telegram and elsewhere. These opinions are largely based on Safe Moon’s own Certik audit, as well as the opinions of other auditors. Safe Moon’s code sends LP tokens to a private wallet, which gives them direct access to remove liquidity (something that has been done on several occasions). The contract owner is also a private wallet address, and the contract functions are not timelocked.
The team at Safe Moon argues (and we’re paraphrasing): We don’t need to lock liquidity or timelock the contract, because you know our identities. Our lives would be ruined if we misbehaved!
To be clear, we’re not calling anyone on Safe Moon’s team a scammer, and we hope that their intentions are good for the sake of their many investors.
But when have scammers ever cared about the consequences of their actions? Bernie Madoff stole billions of dollars as a public figure, and when he was caught, his life was ruined. Did the threat of prison stop him from scamming people in the first place? Of course not. Scammers don’t care about other people or follow the same ethical guidelines that define civil society. And scammers often don’t think they will ever be caught, whether you recognize their face or not.
We founded SAFERmoon with the intention of remaining anonymous (which is a key security concern in the DeFi space) while still providing a trusted token. The idea is: You can trust the token because the code is solid, not because we’re asking you to arbitrarily trust any individual humans.
No one knows who created Bitcoin, yet it remains the world’s most popular cryptocurrency. Knowing its creator doesn’t guarantee its security, just as an anonymous creator doesn’t equal more risk.
The Next Step
With all this in mind, we will soon be taking another step to further increase SAFERmoon’s security. The dev wallet funds, which currently make up about 20% of the supply, will be transferred to a timelocked contract.
These funds are used for giveaways, burns, and paying for some services. But they’re owned by the dev team’s wallet, which means that we consider them a security risk. While we hope to build trust with our community (and I think we already have), we don’t think trust should be essential to making a smart investment choice. Trust the code, not us.
On Tuesday, June 1, we will be deploying a new smart contract, which you will be soon able to review our GitHub page here. It is based off of the Compound Labs, Inc. timelock contract, which is battle-tested code.
Once deployed, we will call SAFERmoon’s timelock function to whitelist the address. One day later (Wednesday), we will transfer a small amount of funds to the contract from the dev wallet for testing. We will then unlock those funds and send them back to the dev wallet (Thursday). Once the testing is complete (Friday), we will transfer the Dev Wallet’s funds into the new timelocked contract.
What does this mean for you?
It means that giveaways and burns will no longer happen immediately. In order to remove funds from the timelocked contract, we will need to tell the contract the amount we want to unlock and the address. You’ll be able to see this information for up to 24 hours before the funds are released.
This is less convenient both for investors and for the team — but it is more secure. And at the end of the day, the SAFERmoon team will always choose the more secure option.
From the team, #staySAFER!
How to buy: https://www.youtube.com/watch?v=TiW6T_w-4ek