Trusted

Bitfinex Unus Sed LEO Smart Contract Audit Reveals Nasty Surprises for Holders

3 mins
Updated by Daniel
Join our Trading Community on Telegram
After its $1 billion USDT LEO token sale, things could be said to be looking up for Bitfinex as the exchange continues to recover from what has otherwise been a tumultuous start to the year. However, new evidence suggests that there is more to its new Unus Sed LEO token than first meets the eye.
According to a recent audit by security researchers at Cointelligence, the smart contract for Unus Sed LEO is hiding some nasty secrets that might cause investors to think twice before purchasing or even holding LEO tokens. After deploying a test copy of the LEO token contract code on the Ropsten testnet, the security researcher was able to fully test its functionality, and uncover hidden features that could allow iFinex to do practically do whatever they want with the LEO token.

LEO Token Bitfinex

iFinex Can Delete Your Funds

Among the major findings in the report is the fact that the smart controller can be modified at any time, essentially allowing iFinex to change the account that controls the smart contract by calling to the “generateTokens” function found on line 460. By doing this, iFinex will be able to modify the _owner and _amount parameters, which will potentially allow it to print as many tokens as it wants, and direct these tokens wherever it chooses. Conveniently, the whitepaper doesn’t mention the maximum supply of LEO tokens, indicating that the company may be looking to invoke this feature in the future. Although being able to mint a virtually unlimited number of tokens without warning is already a significant red flag, it is perhaps less concerning than the fact that the smart contract includes provisions to delete anybody’s LEO tokens, no matter where they are held. On line 477 of the smart contract, a call to the “destroyTokens” function can be used to burn LEO tokens by simply choosing an address containing LEO tokens and specifying the number of tokens to delete by modifying the _owner and _amount parameters. to demonstrate this ability, Cointelligence deployed the contract on the Ropsten testnet and successfully deleted ten billion tokens from an address that they did not own. Not only this, but they were also able to mint a practically limitless amount of LEO tokens, demonstrating this by sending almost 1 Undecillion (that’s 1 billion^4) tokens to a testnet address in this transaction.

bitfinex

Absolute Power, Upgradeability, or Both?

Technically, this feature could be used to delete compromised funds, blacklist exchange wallets and essentially wipe out funds from any wallet, regardless of who owns it, giving iFinex absolute centralized control of the movement of LEO. In response to the concerns, Paolo Ardoino, CTO of Bitfinex had the following to say;
For security and future proof reasons we left the ability also to upgrade the Token Contract. That’s really a key feature for a contract that might live lot of years. Minting more tokens would just not make sense for Finex… like shooting our foot.
Although it is clear that the LEO smart contract was designed to be upgradeable, having such a centralized system certainly doesn’t adhere to the spirit of the new decentralized economy. Similarly, we find it hard to imagine why a company would need to include provisions to forcefully delete the holdings of other wallets, if not to use it for censorship or undoing the immutability of transactions. What is your opinion on the Unus Sed LEO Token? Does the recent news alter the long term viability of the project? Let us know your thoughts in the comments!
🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

Daniel_userpic_basic.jpg
Daniel Phillips
After obtaining a Masters degree in Regenerative Medicine, Daniel pivoted to the frontier field of blockchain technology, where he began to absorb anything and everything he could on the subject. Daniel has been bullish on Bitcoin since before it was cool, and continues to be so despite any evidence to the contrary. Nowadays, Daniel works in the blockchain space full time, as both a copywriter and blockchain marketer.
READ FULL BIO
Sponsored
Sponsored