It has been a devastating day for DeFi as we see multiple projects being exploited in a single hour. Many projects continue to be vulnerable to such attacks and exploit.
SeedMoney Finance has done its due diligence to understand how the exploit was performed and how we can instill investors' confidence by taking the necessary prevention measures to safeguard SeedMoney Finance from such an exploit.
How did it Happen?
Most yield farm uses a MasterChef contract to distribute rewards, perform deposit and withdrawal of LP tokens. It has always been done like this with no issue until tokens with transfer tax come into play.
Most MasterChef contract that is forked from Panther accounts only for the Transfer Tax on the native token pool. Hence, you can only withdraw the amount you deposited, minus the transfer tax.
You can clearly see that MasterChef only accounts for the transfer tax if the pool is its native token. There is no wrong with such a design by Panther as the only pool that has transfer tax was their Native PANTHER Token. The exploit came when farms started having partnerships, and more pools were added to the MasterChef that has a transfer tax, but the MasterChef was not able to account for that. Users were able to withdraw more than they have deposited, allowing such an attack to happen.
This was what happened to the exploited farms as they have added pools with transfer tax other than their native tokens. PantherSwap, the original creator of the MasterChef, remains safe from such an exploit as the only pool with transfer tax is PANTHER, which has been accounted for in their MasterChef.
How will SeedMoney Finance Prevent such an Exploit?
Our design of our MasterChef is also largely similar to PantherSwap and we will take prevention methods to ensure that the only pools with transfer tax added will be our Native Token Pool (SEEDS). This way, we would be in the same position as PantherSwap, and remain safe from such an exploit.