Analysis of SQUID’s Current Admin Status and Risks by Fairyproof
Last week, we witnessed the exploitation that happened to SQUID. This exploitation involved the trading pair of SQUID-BNB on PancakeSwap…
Last week, we witnessed the exploitation that happened to SQUID. This exploitation involved the trading pair of SQUID-BNB on PancakeSwap and the staking contract of the project. Approximately $12 million of crypto-assets were exploited in this incident.
Most of the reports on this exploitation only covered the details about the number of crypto assets exploited from the SQUID-BNB trading pair but barely covered the details about the number of funds exploited from the staking contract. The vulnerability that caused the latter loss was that the admin’s private key was compromised. And it is evident that the vulnerability STILL exists in the currently deployed contract.
Days later after the incident, the price of SQUID was dramatically pumped again. Along with this hype, there are some rumors saying that the admin’s access control to the contract has been frozen.
After Fairyproof’s tech team got these rumors, the team immediately did thorough investigations on this and is quite certain that the admin’s access control has NOT been frozen. That is to say, the admin is still able to redeploy new contracts which might be malicious and perform unexpected actions which could rug token holders.
The token contract ’s address on BSC is:
0x87230146E138d3F296a9a77e497A2A83012e9Bc5.
It is easy to verify that the deployed contract on BSC is not the SQUIDToken contract but the SQUID contract instead (putting a SQUIDToken contract and a SQUID contract on the same file is highly suspicious). The SQUID contract is upgradeable and is not an ERC-20 token.
Here is the SQUID contract’s code section:
The green-marked code is the admin’s slot. And what is the address of this admin? We can get it by running the following script:
After the script was run, we obtained the following information:
admin_info: 0x0000000000000000000000006bdb3b0fd9f39427a07b8ab33bac32db67eb4e38
admin_address: 0x6BdB3b0fd9F39427a07b8ab33Bac32Db67EB4E38
impl_info: 0x000000000000000000000000f41bd7d47c8589662e852ace26c99623fac9c05f
impl_address: 0xf41bd7d47c8589662E852AcE26C99623fAC9c05f
Obviously, the admin’s address is:
0x6BdB3b0fd9F39427a07b8ab33Bac32Db67EB4E38.
This admin’s access control is not revoked or frozen like some rumors say. And BSC does NOT have a function to freeze this address.
The initial gas that this admin obtained on BSC came from an AscendEX Hot Wallet’s address:0x986a2fCa9eDa0e06fBf7839B89BfC006eE2a23Dd.
On a BSC explorer, we can see this address did quite a few transactions just these days:
The green-marked transaction was a contract upgrade action that happened right after the exploitation and the address was updated to:
0xf41bd7d47c8589662E852AcE26C99623fAC9c05f which is the “impl_address” shown above.
All the information speaks volumes for the fact that the admin is still active and can still do whatever he/she wants to do.
Again, Fairyproof’d like to warn all potential users who intend to invest in this toke to be cautious and careful.