DSR DeFi Secrets Revealed ---> Rug pull, what it is and how to prevent it.



ICOs, which had taken over almost the entire crypto landscape in 2017 when it came to scams, have now gone out of fashion and are giving way to DeFi.

Based on the same principle as Ponzi schemes, fraudulent DeFi platforms come with astronomical rewards and off-the-charts earning possibilities.

An unlucky investor, tempted by the easy money, commits a certain amount of money; other "unfortunates" are likely to do the same.

When the nest egg is large enough, liquidity begins to drain away.

This fraudulent maneuver is called Rug Pull.

The bad thing is that it is difficult to recover even a small part of the liquidity!

Another fraudulent scheme, also used in the DeFi environment, is the token pump: the price is pumped to entice purchases, and the purchased tokens are then immobilized through trading pairs on the platform in question.

Suddenly the fraudsters dump the token and sell everything: you are left with nothing, the pages are closed and it is almost impossible to recover your tokens.

How can we defend ourselves from these scams?

Defenses do exist, starting with the simplest: strict and thoughtful money management (MM).

These are preventive measures we can adopt to avoid burning money, rather than maneuvers to apply as a last resort.

First, carefully check the TVL (Total Value Locked) and the rewards promised by each farm against the funds allocated to it.

Many times they promise rewards with 3 zeros (sometimes even more): they could be reliable, but it is necessary to verify the funds actually present in the farm and only then decide whether it is worth it.

Usually there are farms with no more than $15-20 of allocated liquidity, and as soon as we add another handful of coins the rewards drop to as low as half a percentage point!

Having done this rough check, we can get into the heart of the platform and check other fundamental parts.

A platform that does things right must have 3 contracts.

  • The contract that creates the tokens;

  • The Masterchef contract;

  • The timelock contract.

If one of these contracts is missing, it is necessary to investigate further by verifying whether audits have been done and with what result.

Smart-contract verification is done by the BSC (for BEP-20 tokens) and is marked with a small tick in the Contract tab.

Below is an example.

[Image: example of a verified contract with the tick in the Contract tab]

The presence of the Masterchef contract is very important, because it is the engine of all the platform's farms.

The Masterchef also manages the smart-contract of the platform's native token; by reading the Masterchef code it is also possible to find possible bugs or malicious commands against the pool.

Also inside the Masterchef, it is possible to tell whether the reward tokens are expendable or not: clearly they must be expendable; otherwise it is malicious code inserted by the authors.

Obviously few of us are familiar with the queries that are used, so the main check that needs to be done is to verify the presence of the BSC checkmark.

The last contract that limits fraudulent movements is the TimeLock.

With this contract, changes to the Masterchef cannot be applied immediately; they take effect only after a delay.

Suppose the programmers want to change the withdrawal fees from 2% to 100% (scamming in a resounding way!!). The TimeLock does not forbid the change, but depending on how it has been set, the change becomes active only after the set time has passed.

Let's assume it's 24 hours: the change to the Masterchef will be active 24 hours after it is made; in this way, users are protected and can withdraw their funds with 2% fees.
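The 24-hour scenario above, modelled as an added example in Python (not code from this post or from any platform's contracts). The `MasterChef` and `TimeLock` classes are simplified stand-ins, and the admin name, deposit and basis-point fee values are constructed for illustration.

```python
from dataclasses import dataclass, field

HOUR = 3600

@dataclass(eq=False)
class MasterChef:
    """Toy farm contract: only `owner` may change the withdrawal fee."""
    owner: object
    fee_bps: int = 200  # 2% in basis points (constructed value)

    def set_fee(self, caller, new_fee_bps):
        if caller is not self.owner:
            raise PermissionError("only the owner can change the fee")
        self.fee_bps = new_fee_bps

    def withdraw(self, amount):
        """Return what the user receives after the current fee."""
        return amount * (10_000 - self.fee_bps) // 10_000

@dataclass(eq=False)
class TimeLock:
    """Toy timelock: a queued change can run only after `delay` seconds."""
    admin: str
    delay: int
    queued: list = field(default_factory=list)  # readable by anyone watching

    def queue(self, caller, now, target, new_fee_bps):
        if caller != self.admin:
            raise PermissionError("only the admin can queue a change")
        eta = now + self.delay
        self.queued.append((eta, target, new_fee_bps))
        return eta

    def execute(self, now):
        """Apply every queued change whose eta has passed; return the count."""
        ready = [q for q in self.queued if q[0] <= now]
        for q in ready:
            q[1].set_fee(self, q[2])
            self.queued.remove(q)
        return len(ready)

def simulate(delay_hours=24, deposit=1_000):
    # The farm is owned by the timelock, so the dev cannot call set_fee directly.
    lock = TimeLock(admin="dev", delay=delay_hours * HOUR)
    chef = MasterChef(owner=lock)
    eta = lock.queue("dev", now=0, target=chef, new_fee_bps=10_000)  # 2% -> 100%
    lock.execute(now=eta - 1)        # too early: the fee is still 2%
    before = chef.withdraw(deposit)  # user exits inside the window
    lock.execute(now=eta)            # delay elapsed: the 100% fee is live
    return eta, before, chef.withdraw(deposit)
```

The protection depends on the Masterchef's owner being the timelock itself: if a developer wallet still owns the Masterchef, the fee can be changed with no delay at all.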

As we have seen in this article, DeFi has certain weaknesses related to scams, but even in this case we can defend ourselves because all the control tools are active and can be used without any problem.

Before entering the various platforms without the slightest knowledge, I recommend consulting the rugdoc.io page, which compiles the calendars of the upcoming farms and a ranking based on the risk inherent in each farm.

@samminator , @bagofincome, what do you think about this?

For any advice or request, write in the comments!!!