Having a due diligence done by a competent firm is a must have for any project, and with the expertise of QuillAudits it will be done flawlessly. The due diligence process for Rug Pull is based on the comprehensive approach we follow to investigate the code for security flaws and potential vulnerabilities, and the best possible ways to mitigate them.
Ever since their introduction, cryptocurrencies have attracted the eyes of investors and hucksters alike. Though the crypto space is characterized by some institutional investors and thin liquidity, it is also rife with scammers.
Rug pulls are quite common in DeFi because it is not regulated like the stock market. High APYs and APRs and 100x returns are alluring for new investors.
Rug pull is derived from the phrase “to pull the rug out from under someone”, In the crypto space, rug pull is described as a situation wherein the developers of a crypto project pull out support, thereby leaving the investors and users with worthless tokens.
Rug pulls occur because decentralized exchanges (DEXs) – unlike centralized exchanges (CEXs) – do not audit or verify tokens being listed on them. Anyone can list a cryptocurrency on DEXs, irrespective of whether it’s legit or not. Though there are various ways a scammer can pull out rug using DEXs, they are categorized into mainly three:
Investors as well as institutions looking for high gains should carefully infuse the funds considering the possible risk scenarios.
Exchanges in the Blockchain ecosystem are in a hurry to whitelist new tokens that could be risky considering its volatile nature.
They can take advantage by self-evaluating their strengths & weaknesses, and can discover valuable associates by examining the market.
Migrator functions, proxy functions, unverified contracts, unusual EOA powers, Hardcoded wallet address, also check for concrete proof whether a dev has pulled off malicious scams previously or not.
Check for the owner/admin capabilities along with the owner/admin type, Whether it is a time lock or it is owned by multiple or single entities(Multi-sig wallet).
Check the usual Masterchef Migrator Code, what dependencies could be changed. Some scams switched the Masterchef or the router to an unverified Masterchef or router to steal the locked money.
Some projects don’t add constant (defined) fees as max fee allowed. In this case, the project wonders could unstake fees to 100% and steal the user-funds.
All potential issues are highlighted in the audit report submitted to the project.
Issues are clearly highlighted with explanations in the report including what functions could be hazardous in the future.
All audit reports are produced in-house by highly qualified industry professionals at QuillAudits.
Thorough Rug-pull diligence is carried out by experienced & qualified experts at QuillAudits in a very cost-effective manner.
Between 2012 and 2019, approximately $700 million was lost to hackers, with a low 0.2% recovery rate.
In 2020, $300 million was lost to hacks, but $55 million was recovered with an 18% recovery rate.
In 2021, Web 3.0 saw an immense loss of $2.3 billion, but $652 million of the funds were returned to victims, the highest recovery rate to date.
In 2022, Web 3.0 projects lost ~$4 billion to hacks, scams, and exploits, surpassing the total funds lost between 2012 and 2020.
Very professional and timed delivery. Also very prompt in responses and queries.
The team is very supportive and they were able to work as per our requirements
QuillAudits did a great job with our audit, was very professional and provided quick service
QuillAudits provided security enhancements for Polygon projects, earning positive feedback for their prompt and high-quality service as an auditing partner.
Visit our help centre to clear out any doubts you may have regarding our partnership program.
In the Cryptocurrency market, the term ‘rug-pull’ means a malicious act in which owners of a crypto project abandon it after stealing investors’ money.
DeFi & NFT Hacks, CTFs, and Blockchain Security Insights Straight to your Inbox. Explore our weekly newsletter: HashingBits. Stay updated on everything we’re publishing. Stand a step ahead.