AvengerDAO: August 7th Weekly Report

Disclaimer: The information provided through the BNB Chain community does not constitute advice or recommendation for investment or trading. Projects are listed in no particular order below. BNB Chain does not take responsibility for any of your investment decisions. Please seek professional advice before taking financial risks.

AvengerDAO is a community-driven initiative created to protect the users and projects on BNB Chain from malicious actors and activity. AvengerDAO publishes a list of risk projects and addresses on DappBay Red Alarm every Friday.

By actively identifying and flagging such items through DappBay’s Red Alarm, AvengerDAO helps users identify high-risk BNB Chain dApps, along with the level of risk, the risk description, and other important risk details. Web3 users can then navigate BNB Chain dApps while staying safe.

Security Incidents

HashDit is an industry-leading blockchain security company that focuses on building a safe ecosystem for both protocol users and smart contract developers on BNB Chain. HashDit is a member of AvengerDAO. HashDit’s analysis shows that there were 5 security incidents in the week of August 4th, 1 of which was a hack and 4 of which were rugpulls.

| Protocol Name | Attack Vector | Loss |
|---|---|---|
| Ellipsis EPX Pools – Horizen Finance | Vyper Compiler Reentrancy | $73.8k |
| TT Token | Rugpull | $68.3k |
| NFT_SalesRoom (ASN) | Rugpull | $680k |

Lessons Learned

  1. Ellipsis EPX Pools were drained because an old Vyper compiler version (v0.2.15-0.3.0) was used, which allowed attackers to perform reentrancy. It is critical for users and developers to keep up to date with recent smart contract versions and to be extra wary when interacting with old and outdated ones.
  2. Rugpull projects attract liquidity by incentivizing users to provide their funds to the liquidity pool, which allows others to trade the token. However, malicious actors ultimately intend to drain the liquidity and steal the funds.

    In such situations, the project party usually has highly centralized control over the contracts. For example, they might hold a large amount of the project’s tokens or be able to mint a large amount of tokens, which is essentially a backdoor to your funds.

    Don’t dive in blindly! Using DappBay’s Risk Scanner (https://dappbay.bnbchain.org/risk-scanner), one can check whether such risks are present. HashDit also emphasizes the importance of knowing “How to identify the rug-pulls?”
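For the first lesson above, a developer can check whether a Vyper source file permits a compiler inside the stated v0.2.15-0.3.0 range and relies on a reentrancy lock. This is an added example, not code from AvengerDAO or HashDit; the sample contracts are constructed, and the release list and the `@nonreentrant` decorator are assumptions drawn from Vyper itself rather than from this report.

```python
import re

# Releases inside the range this report gives (v0.2.15-0.3.0).
AFFECTED = [(0, 2, 15), (0, 2, 16), (0, 3, 0)]
PRAGMA = re.compile(
    r"^#\s*(?:@version|pragma\s+version)\s+(\^|~|>=|==|=)?\s*v?(\d+)\.(\d+)\.(\d+)", re.M)
# @nonreentrant("key"), optionally followed by other decorators, then the def.
LOCK = re.compile(
    r"^@nonreentrant\(\s*['\"]([^'\"]+)['\"]\s*\)\s*(?:@\w+(?:\([^)]*\))?\s*)*def\s+(\w+)", re.M)

def allows(op, base, v):
    """True if compiler version v satisfies the pragma constraint (op, base)."""
    if op in (None, "=", "=="):
        return v == base
    if op == ">=":
        return v >= base
    if op == "~" or base[0] == 0:          # ~x.y.z and ^0.y.z both pin the minor
        return v >= base and v[:2] == base[:2]
    return v >= base and v[0] == base[0]   # ^x.y.z with x > 0 pins the major

def audit(source):
    """Report which affected compilers the pragma permits and which functions use a lock."""
    m = PRAGMA.search(source)
    if m:
        op, base = m.group(1), tuple(int(g) for g in m.group(2, 3, 4))
        hits = [v for v in AFFECTED if allows(op, base, v)]
    else:
        hits = list(AFFECTED)              # no pragma: the source rules nothing out
    locked = [(name, key) for key, name in LOCK.findall(source)]
    return {
        "affected": [".".join(map(str, v)) for v in hits],
        "locked": locked,
        "at_risk": bool(hits) and bool(locked),
    }

# Constructed sample contracts (not the Ellipsis code).
BODY = '\n@external\n@nonreentrant("lock")\ndef remove_liquidity(amount: uint256):\n    pass\n'
SAMPLES = {
    "pinned_old.vy": "# @version 0.2.15" + BODY,
    "caret_range.vy": "# @version ^0.2.0" + BODY,
    "newer.vy": "# @version 0.3.1" + BODY,
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(name, audit(src))
```

The pragma only states which compilers the source accepts; for a deployed contract, confirm the compiler version actually recorded with the verified source.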

Red Alarm Weekly Highlights

AvengerDAO publishes a list of risk projects and addresses on DappBay Red Alarm every Friday. If you have questions or feedback on the risk highlights below, please contact here.

Newly Detected High-Risk Address

AvengerDAO members offer APIs to check the security of a contract before interacting with it, or to get relevant information, such as the potential risks of a specific address, for due diligence. The AvengerDAO API gives a comprehensive evaluation of each address. We advise you to check with these APIs regularly when receiving an airdrop of a token or interacting with contracts you want to invest in. The Risk Scanner at https://dappbay.bnbchain.org/risk-scanner is integrated with these APIs. Please give it a try!

The latest high-risk addresses detected from Weekly Scan.


All the addresses are listed here.

Latest Risk Remediation – TVL >1M$ and TVL >500K$ Projects

AvengerDAO is actively scanning high TVL projects and. This week, 12 TVL >1M$ projects were identified with potential risks and 1 has been resolved. 9 TVL >500K$ projects were identified with potential risks and 1 has been resolved. Most of the issues are due to EOA wallet setup. We recommend that projects study the Web3 Risk Framework to learn more about best practices.

Stay Safe – DYOR (Do Your Own Research)

BNB Chain has published detailed guides for crypto users to identify scam projects. Here are some tips:

  • Do not rely solely on social media channels and forums for information. You should search for a new project on Red Alarm before interacting with it.
  • A thorough DYOR process includes studying the project’s whitepaper, checking its codebase, engaging with its community, and assessing its market potential.
  • Use reliable tools and sources to aid your research, such as CoinGecko, CoinMarketCap, Etherscan, reputable news outlets, project websites and blogs, and academic articles.
  • Protecting your investment from scammers is as important as identifying the next lucrative crypto project. Always err on the side of caution when in doubt.

About AvengerDAO

AvengerDAO is a community-driven initiative that protects users from possible exploits, scams and malicious actors on BNB Chain. The founding members of AvengerDAO started this because BNB Chain is the largest public chain today, and the larger the community, the greater the responsibility. Our goal is to protect users from financial losses and malicious contracts.

We aim to enhance further adoption by setting an industry standard for safe practices and raising awareness of safety and security in the ecosystem.