AvengerDAO July 31st Weekly Report



AvengerDAO July 31st Weekly Report

Disclaimer: The information provided through the BNB Chain community does not constitute advice or recommendation for investment or trading. Projects are listed in no particular order below. BNB Chain does not take responsibility for any of your investment decisions. Please seek professional advice before taking financial risks.

AvengerDAO is a community-driven initiative created to protect the users and projects on BNB Chain from malicious actors and activity. AvengerDAO publishes a list of risk projects and addresses on DappBay Red Alarm every Friday.

By actively identifying and flagging such items through DappBay’s Red Alarm, AvengerDAO can help users identify high-risk BNB Chain dApps with the level of risk, the risk description, and other important risk details. Web3 users can safely navigate BNB Chain dApps while staying safe.

Security Incidents

HashDit is an industry-leading blockchain security company that focuses on building a safe ecosystem for both protocol users and smart contract developers on BNB Chain. HashDit is member of AvengerDAO. HashDit’s analysis shows that there were 12 security incidents that happened in the week of July 21th, 7 of which were hacks and 5 were Rugpulls.

Protocol NameAttack VectorLoss
USDPHack$900,000
DefilabsRugpull$1,500,000
CarsonFlashloan$143,000
SUTFlashloan$10,000
LayerZero(fake)Rugpull$116,000
IEGTRugpull$1,140,000
PalmswapHack$901,000
Meta_labzHack$74,000
BTCMTHack$9,000
PuppyDogeFlashloan$1,600
POPEYERugpull$240,000
VDONRugpull$70,000

Lessons Learned

Rugpull projects attract liquidity by incentivizing users to provide their funds to the liquidity pool, which allows others to trade the token. However, malicious actors ultimately intend to drain the liquidity and steal the funds. Don’t dive in blindly! Using DappBay’s Risk Scanner https://dappbay.bnbchain.org/risk-scanner, one can check if there are such risks. HashDit is also emphasizing the importance of “How to identify the rug-pulls?”

Red Alarm Weekly Highlights

AvengerDAO publishes a list of risk projects and addresses on DappBay Red Alarm every Friday.  If you have questions or feedback for below risk highlights, please contact here.  

Newly Detected High-Risk dApp Projects

CategoryDescriptionSpotted Project This Week
Ponzi or potential Ponzi dAppsPonzi schemes lure investors with the false promise of extremely high returns.Staker cafe 
Phishing dAppsPhishing usually forges legitimate web pages to trick you into entering your private keys or authorizing transactions that you don’t understand. Defi labs
Pvcmeta
Aitchain
Solartechnoalliance
Magewars
Babydoge2
Trust-defi.link
Squid2.network
Trust-url.com
arkhamintelligence.cloud
Honeypot dAppsA honeypot is a way of trapping someone’s crypto. A scammer creates a new coin and through the code, enables the ability for only their wallet to withdraw funds. A user only realizes that it’s a honeypot when the user tries to withdraw their funds, and they can’t.
Backdoor methods or potential backdoorA backdoor in crypto is similar to a backdoor being a weak spot in a castle’s defenses. Backdoors are built purposefully into the smart contract with the intention of bypassing security.MMSCash
Phishing
High fees High token fees are fees incurred when buying, selling, staking, or withdrawing tokens from a dApp. High fees both ways mean users incur the cost of the transaction. 
Lack of documentation and whitepapersA lack of documentation and whitepapers can most likely indicate a risky dApp.
Unverified contracts Unverified contracts make it difficult for users to read the source code, analyze the logic or conduct due diligence. However, not all dApps with unverified contracts are causes for concern as dApps can work on verifying their smart contracts.ARK
Websites do not work or work properlyIf websites, dApps, or platforms don’t work or work as intended, then there is a certain level of risk associated with using them.
Anonymous TeamsAnonymous teams and developers don’t always mean that a dApp is risky. Satoshi Nakamoto, the creator of Bitcoin, was an anonymous developer. However, several risky dApps share a common theme of anonymous teams or people. 
Imposer dApps A scammer creates a fake dApp with an identical name, logo, description, etc. However, the contracts of the fake dApp differ from the original. Unsuspecting users mistake the fake token for the original when interacting with it.Pepesaga.network
richpepeai.network

Newly Detected High-Risk Address

AvengerDAO members offer APIs to  check the security of a contract to be interacted with or get relevant information such as potential risks of a specific address to perform due diligence. AvengerDAO API gives a comprehensive evaluation of each address. We advise you to regularly check with these APIs when receiving an airdrop for a certain token, or interacting with the contracts that they want to invest in.  https://dappbay.bnbchain.org/risk-scanner is integrated with these APIs. Please have a try!

The latest high-risk addresses detected from Weekly Scan.

No.BSCScan Link WAU
1https://bscscan.com/address/0x7d052ea1d52cc92f932f89236abfad64d544795a 29341
2https://bscscan.com/address/0x000011387eb24f199e875b1325e4805efd3b00000x000011387eb24f199e875b1325e4805efd3b0000 4144
3https://bscscan.com/address/0xe9aa536d373adc29d0a40788eb29b706ea101413 3184
4https://bscscan.com/address/0x9a703326e8ac3f2a08fe012f36a1ec8b0d2d47a1 2866
5https://bscscan.com/address/0xbbe86d676fed08c0d99815f4dea649363bb92922 2803

All the addresses are listed here.

Latest Risk Remediation – TVL >1M$ Projects

AvengerDAO is actively scanning high TVL projects and. This week, 12  TVL >1M$ projects are identified with potential risks and all have been resolved. X  c are identified with potential risks and X have been resolved. Most of the issues are due to a lack of multi-sig wallet setup. We recommend projects to study the Web3 Risk Framework to learn more about best practices.

Stay Safe – DYOR (Do Your Own Research)

BNBChain community has publish this detailed guides for crypto users to identify scam projects. Here are some tips:

  • Do not rely solely on social media channels and forums for information. You should search a new project on Red Alarm before interacting.
  • A thorough DYOR process includes studying the project’s whitepaper, checking its codebase, engaging with its community, and assessing its market potential.
  • Use reliable tools and sources to aid your research, such as CoinGecko, CoinMarketCap, Etherscan, reputable news outlets, project websites and blogs, and academic articles.
  • Protecting your investment from scammers is as important as identifying the next lucrative crypto project. Always err on the side of caution when in doubt.

About AvengerDAO

AvengerDAO is a community driven initiative that protects users from possible exploits, scams and malicious actors on BNB Chain. The founding members of AvengerDAO started this because BNB Chain is the largest public chain today, and the larger the community, the greater the responsibility.

Our goal is to protect users from financial losses and malicious contracts. Deter malicious actors and notify BNB Chain’s users. We aim to enhance further adoption by setting an industry standard for safe practices and raise awareness on safety and security in the ecosystem.