According to a report by Cointelligence, a firm that does data research and analysis in the crypto world, the smart contract behind Bitfinex's LEO token hides some unclear functions.
The LEO token, which is based on the Ethereum ERC20 standard, was launched on May 10th by iFinex Inc.
Cointelligence checked the code of the smart contract on Etherscan and then tested it on the Ropsten testnet to draw up the report.
A review of the full code revealed a series of elements that allow the “controller” of the contract, in this case 0xf17ebb3a24dc6d6b56d38adf0df499c1cd9e5672, to do practically anything: transfer, approve, burn and change the controller.
The code also contains a function called “generateTokens” which, as the name suggests, allows tokens to be created without limit.
There is also a destroyTokens function that allows burning LEO tokens simply by choosing the address that holds them and specifying the total to burn, via owner and amount.
To verify these claims, Cointelligence tested the function and burned a staggering number of tokens (1 billion to the power of 4).
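One way to triage a token's ABI for the kind of controller-only functions described above, as an added example that is not taken from Cointelligence's report or from the LEO contract: it flags every state-changing function outside the ERC-20 standard set. The ABI fragment is constructed, and changeController and the parameter names are assumptions.

```python
import json

# ERC-20 state-changing functions every holder can call on their own funds.
ERC20_STANDARD = {"transfer", "transferFrom", "approve"}

# Constructed ABI fragment (not copied from Etherscan). generateTokens and
# destroyTokens are the names the report cites; changeController and the
# parameter names are assumptions for illustration.
SAMPLE_ABI = json.loads("""[
 {"type":"function","name":"transfer","stateMutability":"nonpayable",
  "inputs":[{"name":"_to","type":"address"},{"name":"_amount","type":"uint256"}]},
 {"type":"function","name":"balanceOf","stateMutability":"view",
  "inputs":[{"name":"_owner","type":"address"}]},
 {"type":"function","name":"generateTokens","stateMutability":"nonpayable",
  "inputs":[{"name":"_owner","type":"address"},{"name":"_amount","type":"uint256"}]},
 {"type":"function","name":"destroyTokens","stateMutability":"nonpayable",
  "inputs":[{"name":"_owner","type":"address"},{"name":"_amount","type":"uint256"}]},
 {"type":"function","name":"changeController","stateMutability":"nonpayable",
  "inputs":[{"name":"_newController","type":"address"}]}
]""")

def is_state_changing(entry):
    # Older compilers emit "constant" instead of "stateMutability".
    if "stateMutability" in entry:
        return entry["stateMutability"] in ("nonpayable", "payable")
    return not entry.get("constant", False)

def privileged_candidates(abi):
    """Return {name: reason} for non-ERC-20 functions that can change state."""
    findings = {}
    for entry in abi:
        if entry.get("type") != "function" or not is_state_changing(entry):
            continue
        name = entry["name"]
        if name in ERC20_STANDARD:
            continue
        types = [i["type"] for i in entry.get("inputs", [])]
        if types == ["address", "uint256"]:
            findings[name] = "acts on an arbitrary address and amount"
        elif types == ["address"]:
            findings[name] = "reassigns a role or target address"
        else:
            findings[name] = "non-standard state change"
    return findings

if __name__ == "__main__":
    for name, reason in privileged_candidates(SAMPLE_ABI).items():
        print(f"{name}: {reason} -> check who is allowed to call it")
```

The ABI does not say who may call a function, so each flagged name still has to be checked against the contract source for its access restriction.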
Clearly, these functions have been created to prevent certain harmful scenarios from happening, such as deleting funds from a compromised account or blacklisting wallets from a hacked exchange.
In response, the CTO of Bitfinex, Paolo Ardoino, stated in a tweet that these functions, and in particular the one that creates new tokens, were included because the token is expected to remain active for a long time.
For security and future proof reasons we left the ability also to upgrade the Token Contract. That's really a key feature for a contract that might live lot of years. Minting more tokens would just not make sense for Finex… like shooting our foot.
— Paolo Ardoino (@paoloardoino) July 2, 2019