Arbitrum season is a double-edged sword.
ArbiSwap RUGGED >$4M from their LPs.
You must learn to spot novel ideas and dodge the rugs.
Here's how you can master the art of spotting potential rugs with a simple tool.
🧵👇
Here's a gist of the thread:
1️⃣ Spotting flaws in ArbiSwap
2️⃣ How the rug played out
3️⃣ An overview of @DeDotFi - the magical tool
4️⃣ How to use their tools to protect yourself
5️⃣ Upcoming developments
1️⃣ Spotting flaws in ArbiSwap
We'll enlist the help of @DeDotFi.
The first thing we can do to spot a rug is to use their "Scanner", which analyzes a project's smart contract for any suspicious details and flags them.
de.fi/scanner
Next, we'll want to find the project's contract address.
ArbiSwap has deleted their website, but their token address is still accessible on Arbiscan -
0x9dB8a10C7FE60d84397860b3aF2E686D4F90C2b7
Paste that into the Scanner and it should say "ArbiSwap". Click on that.
@DeDotFi scans for smart contract vulnerabilities, including common smart contract weaknesses and issues specific to DeFi projects.
Here are the results:
Under Mintable Risk, two features called "Timelock" and "Mint max supply" weren't present.
Timelocks add a delay before new tokens can be minted to prevent malicious activity.
Mint max supply limits the max no. of tokens that can be minted.
2️⃣ How the rug played out
Without a mint limit, the contract owner minted 1T ArbiSwap tokens and proceeded to swap them for $109K USDC in the LP.
Other pools met a similar fate.
The owner's address: 0x8a60f91178da2F9de3D7a825380B7CE03933724F
In the end, 84 ETH (~$150K) was rugged and bridged to mainnet via Multichain.
After that, it was sent to Tornado Cash.
I'm no mochi or zachxbt-level on-chain analyzooor, but with a simple copy-paste of the contract's address, I found:
• Token mint risk with no timelock
• Dumping risk with an address holding 66%
• The owner's address is the largest holder
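A simplified version of the three checks listed above, as an added example (not De.Fi's scanner logic and not part of the original thread). The function-name lists, the `owner_is_timelock` input, the 50% threshold and both sample tokens are assumptions constructed for illustration.

```python
# Added example, not De.Fi's scanner logic: rough heuristics on constructed data.
from dataclasses import dataclass

MINT_NAMES = {"mint", "mintTo"}                  # assumed naming conventions
CAP_NAMES = {"cap", "maxSupply", "MAX_SUPPLY"}   # assumed naming conventions

@dataclass
class Token:
    abi: list                # ABI entries of the token contract
    owner: str               # address returned by owner()
    owner_is_timelock: bool  # assumed input: owner() is a timelock contract
    holders: dict            # address -> balance

def assess(token, dump_threshold=0.5):
    """Return the risk flags raised for one token."""
    funcs = {e["name"] for e in token.abi if e.get("type") == "function"}
    flags = []
    if funcs & MINT_NAMES:
        if not funcs & CAP_NAMES:
            flags.append("mint: no max supply")
        if not token.owner_is_timelock:
            flags.append("mint: no timelock")
    total = sum(token.holders.values())
    if total:
        top, bal = max(token.holders.items(), key=lambda kv: kv[1])
        if bal / total >= dump_threshold:
            flags.append(f"dump: top holder owns {bal / total:.0%}")
        if top.lower() == token.owner.lower():
            flags.append("owner is largest holder")
    return flags

def fn(name):
    return {"type": "function", "name": name}

# Constructed sample tokens (placeholder addresses, not real ones).
OWNER, A, B = "0x" + "aa" * 20, "0x" + "bb" * 20, "0x" + "cc" * 20
RISKY = Token([fn("mint"), fn("transfer")], OWNER, False,
              {OWNER: 66, A: 20, B: 14})
SAFER = Token([fn("mint"), fn("cap"), fn("transfer")], OWNER, True,
              {OWNER: 30, A: 40, B: 30})

if __name__ == "__main__":
    for name, tok in (("RISKY", RISKY), ("SAFER", SAFER)):
        print(name, assess(tok) or "no flags")
```

Name matching on an ABI is only a first pass: a mint function under another name, or a cap that is declared but not enforced, needs a read of the contract source.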
3️⃣ The Magical tool in question
@DeDotFi is a free-to-use web3 security superapp that aims to address the security issues and usability challenges associated with DeFi.
TLDR;
• Scanner - Provides analysis of smart contracts, targeting both common and DeFi-specific vulnerabilities.
• Shield - Security feature that protects users from malicious smart contracts by showing all contract approvals and allowing users to revoke access.
• Audit Database - A repository of smart contract audits done by popular audit firms and by @DeDotFi.
• REKT Database - Compilation of known scams and exploits to help users identify threats by cross-referencing scanned contracts.
5️⃣ Upcoming developments
DeFiChain is their native delegated PoS blockchain, which enables decentralized verification and validation of smart contract security.
It relies on a network of Indexers (node operators), Contributors (developers and auditors), and Delegators (token holders) who collectively participate in the decentralized verification process and earn rewards in $DEFI tokens.
$DEFI token is their way of eventually monetizing their services.
This is still a work in progress, but the proposed distribution is as follows:
$DEFI's utilities are as follows:
• Product access (My guess is it'll either be token-gated or pay-per-use)
• Become an indexer
• Governance voting
• App discounts
• Payment for contract querying
and more
@DeDotFi is looking to integrate with over 500 protocols & chains by Q4 and introduce a bunch of other ways to monetize their services:
This thread was done in collaboration with my frens @DeDotFi to spread awareness about how to keep yourself SAFU while navigating DeFi.
Their tool is free to use.