DefiRobot.ftm
May 24 16 tweets 17 min read
In a continued effort to help my buddy @0xLosingMoney whittle down his overflowing inbox, today I am going to do a quick layman's "security audit" for @SphereDeFi.

Okay...so here's some crazy analysis shit.

🕵️‍♂️/1
As usual I add the disclaimer that I am NOT a Solidity developer, so I am only looking for glaringly obvious issues. Also, this is NOT a deep dive into the project, only a look into whether any security issues exist that investors should be aware of.

OK, let's get into $SPHERE

🕵️‍♂️/2
First step (as always) is to check the @Token_Sniffer. There are a couple of issues with this one, however, that I'll address.

First, this appears to still be bringing up the V1 token, so it can't see the new liquidity.

🕵️‍♂️/3
$SPHERE actually has over 3mil in liquidity available on Tetuswap.

The other issues are fee modifiers and ownership renounce...

🕵️‍♂️/4
All #autostaking #rebase tokens have buy and sell fees. This is part of their model.

And most do not renounce ownership...I've been told this is because of the need to change fee structures.

Ok, let's move on then...

🕵️‍♂️/5
Next we look at the audit. It looks like Sphere got TWO audits actually.
Here are the major issues from @CertiK. It looks as if all three are issues with owner controls and centralization.

🕵️‍♂️/6
And as you'll see, Sphere's response was to incorporate a 4/8 Gnosis multisig. This multisig is on the entire contract, so it both keeps the funds safe and mitigates contract changes.

🕵️‍♂️/7
On the other audit there was an issue with a fee modifier being left out of the total fee. Anyone who remembers the MaxAPY rug knows that is dangerous.

Thankfully, Sphere addressed it and changed it.

🕵️‍♂️/8
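The "fee left out of the total fee" finding above is a recurring pattern in fee-on-transfer tokens: the owner-only setter caps the sum of some fee components, but the transfer path charges one more component than the cap check sums, so the advertised maximum is not actually enforced. The following is an added, constructed illustration of that pattern and its fix; it is not Sphere's code, and every contract name, fee name and number in it is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Constructed illustration of the "fee component left out of the total fee"
// pattern. Names and numbers are hypothetical; this is not Sphere's code.
// Fees are expressed in basis points (10_000 = 100%).

// BEFORE: the cap check sums only two of the three components that
// totalFee() charges, so the third component can push the fee a transfer
// actually pays past the advertised cap.
contract FeeConfigUnchecked {
    uint256 public constant MAX_TOTAL_FEE = 2500; // 25%: the cap the docs promise

    uint256 public liquidityFee = 500;
    uint256 public treasuryFee = 1000;
    uint256 public burnFee = 200;

    address public immutable owner;

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    function setFees(uint256 liquidity_, uint256 treasury_, uint256 burn_) external onlyOwner {
        // Defect: burn_ never enters the cap check.
        require(liquidity_ + treasury_ <= MAX_TOTAL_FEE, "fee too high");
        liquidityFee = liquidity_;
        treasuryFee = treasury_;
        burnFee = burn_;
    }

    // What a transfer actually pays: all three components.
    function totalFee() public view returns (uint256) {
        return liquidityFee + treasuryFee + burnFee;
    }
}

// AFTER: the cap is checked against the same totalFee() the transfer path
// uses, after the update is applied, so no component can be left out and no
// setter can bypass it.
contract FeeConfigChecked {
    uint256 public constant MAX_TOTAL_FEE = 2500;

    uint256 public liquidityFee = 500;
    uint256 public treasuryFee = 1000;
    uint256 public burnFee = 200;

    address public immutable owner;

    event FeesUpdated(uint256 liquidity, uint256 treasury, uint256 burn, uint256 total);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
        _checkCap(); // the initial values must satisfy the cap as well
    }

    function setFees(uint256 liquidity_, uint256 treasury_, uint256 burn_) external onlyOwner {
        liquidityFee = liquidity_;
        treasuryFee = treasury_;
        burnFee = burn_;
        _checkCap(); // reverts the whole update if the real total exceeds the cap
        emit FeesUpdated(liquidity_, treasury_, burn_, totalFee());
    }

    function totalFee() public view returns (uint256) {
        return liquidityFee + treasuryFee + burnFee;
    }

    // Single source of truth for the cap, computed from the charged total.
    function _checkCap() internal view {
        require(totalFee() <= MAX_TOTAL_FEE, "total fee exceeds cap");
    }
}
```

When reading a token contract on an explorer, the check is mechanical: list every fee variable the transfer path reads, then confirm each one also appears in the cap check of every setter that can change it. The fixed form above makes that review trivial because the cap is evaluated on the same `totalFee()` the transfer uses, and emitting the new total on every update gives holders and monitoring tools an on-chain record of fee changes.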
So far the only issue I can see that someone may legitimately have is the amount of owner controls. But again, this is protected by a Gnosis contract.

🕵️‍♂️/9
Next we'll look at holders. Unfortunately I couldn't find any pie chart that laid out allocations or tokenomics (tsk tsk), but in holders, the main contract is the Gnosis safe. The number two holder with 5% is also a contract. And no private wallet holds a large percentage.

🕵️‍♂️/10
Beyond that, the team is KYC'd (I know, I know, that doesn't mean much these days), but more than half of their multisig signers are doxxed.

I also dug into the contract itself on polygonscan. Again, I'm not a developer but I looked for the usual stuff...

🕵️‍♂️/11
There are a lot of modifiers, but none that give permissions to weird functions (besides, the contract owner isn't renounced anyway so they wouldn't have to do it this way).

There also weren't any weird functions or extra variables in constructors.

🕵️‍♂️/12
Whois info didn't tell me much, and I couldn't find any job postings (but there are a ton of companies on Google with Sphere as a name so I could've just missed it).

BUT...

🕵️‍♂️/13
My understanding is that @simsalacrypto founded Sphere, and he is a respected community member. Not only that, but very trustworthy people in the space trust him.

This is a very good sign in my opinion.

🕵️‍♂️/14
Overall, I would have to say that @SphereDeFi looks like a legitimate project with no serious security issues.

Yes, the contract owner has a lot of control, but it is all mitigated by a robust multisig. Beyond that everything appears in order.

🕵️‍♂️/15
Sphere also has an active Discord where communication is regular, as well as a YouTube channel, so there are plenty of opportunities to interact with the team and get questions answered.

So I give Sphere a passing grade on this "security audit."

Cheers

🕵️‍♂️/finis
