More Insights into the Squid Game Crash
We reviewed the incident that happened to Squid Game(SQUID) further and encapsulated more insights for your reference.
We reviewed the incident that happened to Squid Game(SQUID) further and encapsulated more insights for your reference.
Here is its staking contract’s source file that can be verified via Bscscan:
Contract Address 0x56f8b3ef32f822684d0c1d24c9260de9654932b3 | BscScan
The Contract Address 0x56f8b3ef32f822684d0c1d24c9260de9654932b3 page allows users to view the source code…bscscan.com
In this source code, there are two contracts defined. One is a “contract MastorChef is Ownable” and the other is a “contract MasterChef is ApprovedEngine”. The names (“MastorChef” and “MasterChef”) of these two defined contracts are only different in one letter (“o” and “e”).
The “MastorChef” contract is a forked contract from Sushi’s staking contract. The “MasterChef” is an upgradeable proxy contract that eventually calls an implementation contract that is defined by the address stored in the “SIR_SLOT” slot. The address stored in the slot can be modified by the “approveTo” function.
If MasterChef’s implementation contract is pointed to a malicious contract, and when MasterChef is called, all the tokens in the staking pool would be exposed to huge risks.
In addition, Squid Game’s token contract is upgradeable and uses an implementation contract as well, which also would introduce similar risks.
Furthermore, the gases that were used to launch the transactions were from Tornado.Cash which is a mixing app usually used to protect privacy.
Prominently, investor or participants should factor in the aforementioned points prior to investments.