
Bitfinex can destroy your LEO tokens whenever they like, say researchers

chepicap.com, 08 July 2019 13:00 UTC

A smart contract audit by crypto research and analytics firm Cointelligence has revealed a few, quote, “scammy abilities” in Bitfinex’s incipient LEO token (Unus Sed LEO, to give it its full name), including a function that can destroy tokens belonging to any address holder…

Using the Ropsten testnet, researchers were able to delve into the ins and outs of the LEO token and see what it was really made of.

Playing god

One of the most compromising findings in the audit was that the “controller contract” which controls the LEO smart contracts can effectively play god with LEO, including generating tokens at will. The controller does so through the aptly named function “generateTokens,” which makes it possible to mint an unlimited amount of LEO tokens.

To prove this, the researchers sent 1,000,000,000,000,000,000,000,000,000,000,000,000 LEO (that’s around one undecillion, aka one trillion trillion trillion) to an address on the Ropsten testnet.

However, the biggest revelation of the audit by far was the “destroyTokens” function, which allows the contract controller to (you’ve guessed it) destroy LEO tokens.

This isn’t confined to tokens held by the controller address; it applies to any address holding LEO.

“The function “destroyTokens” on 477 enables the LEO controller wallet to burn anyone’s LEO tokens including but not limited to the ones present in a centralized or decentralized exchange, a hardware or software wallet, hot or cold storage, and/or a paper or brain wallet. It doesn’t matter where your coins are, they can delete your coins if they want to. As simple as that,” reads the audit.

In order to prove this, researchers burned ten billion of the previously generated LEO from an address they had just sent it to.
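Controller powers of this kind are visible in a token's ABI before any source review. The following is an added example, not code from the audit or from Bitfinex: it scans a constructed ABI fragment for state-changing functions outside the ERC-20 standard set that take an address and an amount. The parameter lists shown for `generateTokens` and `destroyTokens` are assumptions.

```python
import json

# Constructed ABI fragment (not the deployed LEO ABI). The two controller
# function names come from the article; their parameter lists are assumed.
SAMPLE_ABI = json.loads("""[
 {"type":"function","name":"balanceOf","stateMutability":"view",
  "inputs":[{"name":"_owner","type":"address"}]},
 {"type":"function","name":"transfer","stateMutability":"nonpayable",
  "inputs":[{"name":"_to","type":"address"},{"name":"_amount","type":"uint256"}]},
 {"type":"function","name":"transferFrom","stateMutability":"nonpayable",
  "inputs":[{"name":"_from","type":"address"},{"name":"_to","type":"address"},
            {"name":"_amount","type":"uint256"}]},
 {"type":"function","name":"approve","stateMutability":"nonpayable",
  "inputs":[{"name":"_spender","type":"address"},{"name":"_amount","type":"uint256"}]},
 {"type":"function","name":"generateTokens","stateMutability":"nonpayable",
  "inputs":[{"name":"_owner","type":"address"},{"name":"_amount","type":"uint256"}]},
 {"type":"function","name":"destroyTokens","stateMutability":"nonpayable",
  "inputs":[{"name":"_owner","type":"address"},{"name":"_amount","type":"uint256"}]}
]""")

# State-changing ERC-20 functions whose effect on balances is bounded by the
# caller's own balance or by an allowance the holder granted.
ERC20_STANDARD = {"transfer", "transferFrom", "approve"}
SUPPLY_HINTS = ("mint", "generate", "burn", "destroy")

def privileged_balance_functions(abi):
    """Return (signature, reason) for each non-standard, state-changing
    function that takes a caller-chosen address plus an amount."""
    findings = []
    for entry in abi:
        if entry.get("type") != "function":
            continue
        if entry.get("stateMutability") in ("view", "pure") or entry.get("constant"):
            continue  # read-only, cannot change balances
        if entry["name"] in ERC20_STANDARD:
            continue
        types = [i["type"] for i in entry.get("inputs", [])]
        if "address" in types and any(t.startswith("uint") for t in types):
            hinted = any(h in entry["name"].lower() for h in SUPPLY_HINTS)
            reason = "name suggests supply change" if hinted else "review access control"
            findings.append((f'{entry["name"]}({",".join(types)})', reason))
    return findings

if __name__ == "__main__":
    for sig, reason in privileged_balance_functions(SAMPLE_ABI):
        print(f"{sig}: {reason}")
```

A hit only says where to look; who is allowed to call the function has to be read from the contract source.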

For “security” reasons...

In response, Paolo Ardoino, CEO of Bitfinex, stated that the functions were in place for reasons pertaining to “security” and future-proofing:

“For security and future proof reasons we left the ability also to upgrade the Token Contract. That's really a key feature for a contract that might live lot of years. Minting more tokens would just not make sense for Finex... like shooting our foot.”

What do you think? Is LEO too centralized for your liking? Or do you think that the functions are necessary for future upgrades?