ShibaSwap Staking Contract May Have Critical Design Flaw: Ex-Santiment CTO

Vladislav Sopov

Yet another DeFi project may have a backdoor for a potential “rug pull,” according to blockchain veteran Valentin Mihov


Valentin Mihov, blockchain developer and former chief technology officer of on-chain data vendor Santiment, disclosed a critical flaw in the staking contract of newly-launched dog-themed exchange ShibaSwap.

A minimum viable rug?

Mihov shared some alarming details of ShibaSwap’s codebase, a novel decentralized exchange focused on overhyped meme token Shiba Inu (SHIB).

The platform offers up to 5,000 percent in annualized yield to SHIB stakers. Meanwhile, its staking contract is controlled by an externally owned address (EOA). Thus, its owner can drain the entire liquidity of the exchange.

This flaw makes SHIB staking prone to exit scams and manipulations:

All the staked funds can be rugged by the devs at any moment #WarOnRugs

Banteg (@banteg), a core developers of leading decentralized financial protocol Yearn.Finance (YFI), called this flaw a ‘minimum viable ShibaSwap rug’ as its multi-million liquidity can be easily stolen by one account on the Ethereum network.

Here’s how ShibaSwap team mitigates the issue

At 2 p.m. UTC, Banteg reported that he was reached by the ShibaSwap team. According to their statement, the control of the contract was transferred to a multi-signature account that requires 6 out of 9 private keys to authorize a transaction:

ShibaSwap devs reached out and transferred the owner role to a 6/9 multisig. They also informed they plan to deploy a timelock. The above concern has been addressed.

Also, the team shared plans to introduce a time lock mechanism, which controls token spending in a pre-determined way.

Right now, ShibaSwap is being audited by a top-tier blockchain security vendor CertiK.