Several crypto developers have found flaws in the smart contract code of Societe Generale’s (SG) euro stablecoin, EURCV.
On April 20, SG said the EURCV would be limited to investors onboarded by Societe Generale group through its existing compliance procedures.
Developers highlight flaws
Software engineer Cygaar discovered that the bank could take and burn all of its users’ money through certain functions in its smart contract.
Cygaar added that “SG was much better off using Onyx (JPM’s internal system) or some internal db since they’re looking for a centralized settlement layer.”
Another developer, 0xfoobar, noted that the code requires every single ERC20 transfer to first be approved by the centralized registrar in a separate ETH transaction before it can be processed.
Pseudonymous smart contract engineer alephv.eth also highlighted this issue. The engineer added:
“They coded it so they have to whitelist all users, process all user transfers, and even process your ERC20 approvals before they process your ‘transferFrom’ lmao.”
This will significantly slow down transactions for the stablecoin and complicate the whole process.
Origin Protocol developer Scott Mitchell added that this could not work on Ethereum from an economic perspective. Mitchell said:
“Even if they batch validate transactions and wait for low gas it still will cost too much at scale.”
Patrick Collins, a blockchain engineer with Cyfrin Audits, said:
“The worst part: they didn’t use custom errors. Gas inefficient revert!”
Crypto investor Mason Versluis said the code was “absolutely horrible,” adding that the bank should keep its “centralized bulls**t” out of crypto.
The post Crypto developers expose ‘absolutely horrible’ flaws in Societe Generale euro stablecoin appeared first on CryptoSlate.