A team of blockchain security analysts at Chains Guard recently made public that a third party ERC-20 smart contract code being used by one of their teams was secretly transferring customer funds to an unknown wallet.
According to Zer0Man, a security analyst at Chains Guard, the smart contract was supposed to make a transfer of funds between two addresses, but the contract also included code to execute an additional transfer to a wallet owned by the smart contract writers, of a 1% of the overall amount of the operation.
Although this could be considered a transfer commission, after a research performed by the security consulting company, it was confirmed that the contract provider did not stated this commission or fee anywhere, therefore it was being charged illicitly to the customers in a type of hidden backdoor in the smart contract.
This example highlights the need of security auditing of 3rd party smart contract, and the convenience of self-deployment of smart contracts in order to ensure that the service provider remains on top of what is being executed by the contract.
CYBAVO VAULT allows the deployment of ERC-20 smart contracts within the platform in few easy steps. After developing a smart contract, a service provider only needs to generate the byte code and the ABI code from the source code, select an Ethereum wallet to cover the contract deployment fee and deploy the contract in the Smart Contract deployment section in CYBAVO VAULT.
CYBAVO VAULT also provides a batch transaction feature that can be used by token issuers and exchanges to perform token airdrops to their customers.
With these features, service providers can automatize their transfer operations while remaining in control of the code and the actions being performed by their own contracts, avoiding unpleasant and costly surprises as the case highlighted above.
Learn how CYBAVO VAULT can help streamlining your crypto asset operations and try it for free today.