• Crypto developers have exposed several flaws in the smart contract code of Societe Generale’s euro stablecoin, EURCV.
• These flaws include the ability of the bank to take and burn all user money through certain functions in its smart contract.
• Other issues pointed out by developers include the requirement for every ERC20 transfer to be approved by a centralized registrar before processing.
Societe Generale’s Euro Stablecoin Flaws Exposed
Crypto developers have uncovered flaws in the smart contract code of Societe Generale’s (SG) euro stablecoin, EURCV. On April 20, SG announced that it would limit EURCV to investors onboarded through its existing compliance procedures.
Ability to Take and Burn All User Money
Software engineer Cygaar discovered that the bank could take and burn all of its users’ money through certain functions in its smart contract. Cygaar added that “SG was much better off using Onyx (JPM’s internal system) or some internal db since they’re looking for a centralized settlement layer.“
Requirement for Centralized Registrar Approval
Another developer, 0xfoobar noted that the code requires every single ERC20 transfer to first be approved by a centralized registrar in a separate ETH transaction before it can be processed. Pseudonymous smart contracts researcher Rhubarbarian highlighted other drawbacks such as lack of privacy and lack of decentralization.
Questions Over Viability
The findings have raised questions over the viability of SG’s euro-pegged token and what it means for other banks‘ attempts at digitalizing fiat currencies on Ethereum Blockchain networks such as JP Morgan’s JPM Coin, Standard Chartered’s SCB Digital, UBS’s Utility Settlement Coin and more.
Seeing such serious issues with this one project has prompted crypto developers all around to question how many other projects are out there without realizing their own vulnerabilities due to rushed development processes or negligence from central authority overseers.