In view of the replay burglary on BEC, how can we avoid such setbacks moving forward?

in bitcoin •  7 years ago 


Recently, large amounts of BEC tokens were withdrawn and undersold due to the contract vulnerability. The digital currency lost almost all of its value, and BEC market transactions were devastated. BEC's official team and OKEX have suspended all transactions and transfers, and the OKEX exchange will roll back the relevant transactions.

The BEC burglary caused ripples throughout the industry. Blockchain projects of varying quality currently exist in the market, and for most investors it can be difficult to determine the reliability of a given blockchain project. In this column, we take the BEC burglary as an example to put together some basic guidelines for determining the quality of blockchain projects.

  1. Fully understand the project and team background from the official site and whitepaper

Blockchain is now at the forefront. Big companies, listed companies, and even individuals, are all deploying blockchain projects. However, most of the projects are still in proof of concept, and some have no relation to blockchain. When you see a "blockchain project," you must first determine whether it is in fact a blockchain project, whether it can solve the pain points of an industry, and whether it can be deployed in certain application scenarios in the future. One of the main sources for such information is the official site and official whitepaper.

Let’s take BEC as an example. The official site (www.beauty.io) and whitepaper provide only cursory background information on the project, and the whitepaper gives no introduction of the team except for an ambiguous description of rich development experience in blockchain.

The whitepaper introduces BeautyChain and Meitu as strategic partners, but does not specifically refer to BEC as being a token issued by Meitu. Meitu has also repeatedly clarified that it is not issuing any currencies or tokens and that BeautyChain is developed by an independent third-party organization, which only collaborates with BeautyPlus, the overseas version of Meitu, in marketing aspects.

However, an article in Bianews titled “In-Depth Investigation: Is the BeautyChain Token BEC operated by Cai Wensheng and Meitu?” reported that the industry suspects that Cai Wensheng and Meitu are behind BEC to raise money from investors, as Cai Wensheng is an investor of OKEx and the overseas version of Meitu is a seed application of BeautyChain. An in-depth investigation for this article revealed that the domain name of BeautyChain/BEC, beauty.io, was registered by TSOI PO CHUNG (Cai Baozhong), the sworn brother of Cai Wensheng (TSOI MAN SHING), who registered a series of domain names with his name in Hong Kong's system of romanization, and the email address of Zhang Li, the old partner of TSOI MAN SHING in cncn.com, founded by TSOI MAN SHING. What separates TSOI MAN SHING from his involvement in BEC is nothing more than two layers of "white gloves," TSOI PO CHUNG and Zhang Li ([email protected]).

  2. Look at the activeness of the community and code implementation of the project

Community activity on channels such as Telegram, Twitter, Facebook and Medium is also an important factor for determining the quality and reputation of a project. More members in the community, more attention and more activity point to a wider audience, higher acceptance and a better outlook. Almost all blockchain projects run communities to gain cohesion, promote product iterations and communicate consensus around them. BEC only has a Telegram group with about 90,000 members.

Further, the most important factor for a blockchain project is the deployment, so the code implementation of a project garners the most concern. Open-source projects are generally uploaded to GitHub, but BEC is not associated with any GitHub account, so the project has no code implementation to show so far.

  3. Look at the concentration of the currency

The concentration of a currency reflects the recognition and liquidity of the currency in the market. Widely distributed holdings indicate higher recognition from the market and higher acceptance of currency sales. According to data from etherscan.io, the concentration of BEC is much higher than that of other successful currencies, with up to 88% of it held by the Top 20 users.

  4. Look at the vulnerabilities of the smart contract

On top of these reliability concerns, a fundamental vulnerability was revealed in the smart contract code of BEC. Hackers used the BatchOverFlow vulnerability in the smart contract and successfully transferred huge amounts of BEC tokens to two addresses. Standard smart contracts currently use the SafeMath library for arithmetic operations in the contract code to avoid the BatchOverFlow vulnerability. Curiously, the smart contract code of BEC used the SafeMath library for all arithmetic operations except for multiplication, which shows that BeautyChain did not conduct the necessary testing and verification.
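
To show why a single unchecked multiplication matters, here is an added example (not the BEC contract's code and not part of the original post): a Python model of 256-bit contract arithmetic that runs the same batch transfer with a wrapping multiply and with a SafeMath-style checked multiply. The batch_transfer function, the ledger and all names are hypothetical and constructed for illustration.

```python
UINT256_MAX = 2**256 - 1

class Revert(Exception):
    """Models a contract revert raised by a failed check."""

def unchecked_mul(a, b):
    # Plain EVM multiplication: the product silently wraps modulo 2**256.
    return (a * b) & UINT256_MAX

def safe_mul(a, b):
    # SafeMath-style multiplication: divide the wrapped product back to detect overflow.
    if a == 0:
        return 0
    c = (a * b) & UINT256_MAX
    if c // a != b:
        raise Revert("multiplication overflow")
    return c

def safe_add(a, b):
    # SafeMath-style addition: reject sums that do not fit in 256 bits.
    if a + b > UINT256_MAX:
        raise Revert("addition overflow")
    return a + b

def batch_transfer(balances, sender, receivers, value, mul):
    """Hypothetical batch transfer; `mul` selects how the total debit is computed."""
    amount = mul(len(receivers), value)
    if value == 0 or balances.get(sender, 0) < amount:
        raise Revert("insufficient balance")
    updated = dict(balances)
    updated[sender] = updated.get(sender, 0) - amount  # cannot underflow: checked above
    for r in receivers:
        updated[r] = safe_add(updated.get(r, 0), value)
    return updated

def audit(balances, value, mul):
    """Run one constructed transfer and report whether tokens were created."""
    before = sum(balances.values())
    try:
        after = sum(batch_transfer(balances, "sender", ["r1", "r2"], value, mul).values())
    except Revert as exc:
        return f"reverted: {exc}"
    return "supply inflated" if after > before else "supply conserved"

# Constructed ledger: the sender holds 100 tokens.
LEDGER = {"sender": 100, "r1": 0, "r2": 0}
if __name__ == "__main__":
    for name, mul in (("unchecked", unchecked_mul), ("safe", safe_mul)):
        print(name, audit(LEDGER, 10, mul), "|", audit(LEDGER, 2**255, mul))
```

With the wrapping multiply the total debit becomes 0, so the balance check passes and the sum of balances grows beyond what was ever issued; the checked multiply reverts the same call. An invariant test of this kind (sum of balances unchanged by any transfer) is a check an auditor can run against a token contract before it is listed.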

The Chief checked the smart contract of the BEC token with a tool provided by the Blockchain Research Center of Cheetah Mobile, and the result was as follows.
"predictions": [ [ "Bug", 96.4 ], [ "Benign", 3.6 ] ] }
According to the tool, the smart contract code has a 96.4% probability of containing bugs.

Conclusion
Currently, the market is crowded with blockchain projects, and some industry professionals assert that 90% of blockchain currencies are “Currency in the Air,” so investors must be discerning in all aspects concerning blockchain projects. The Chief heard that Cheetah Mobile will be launching a ranking system for blockchain projects in the near future to take down such “Currency in the Air,” to help investors learn and determine the quality of blockchain projects, and to provide helpful reference for investments in blockchain projects. Let’s wait and see.
