Yesterday, Oyster Protocol CEO William Cordes revealed details of an internal theft perpetrated by none other than the project founder and original designer, Bruno Block.

In the announcement, Cordes explains how Block exploited a loophole that he (Block) had himself created within the code of the Oyster smart contract. The loophole allowed Block to assign directorship within the PRL contract, a role that gives its holder the ability to perform certain higher-level functions, including minting new tokens. Despite numerous audits requesting a change to the code, Block insisted that the loophole remain open so that he could perform certain adjustments when necessary.

In a massive abuse of trust, Block eventually used the loophole to assign himself directorship and mint 3 million new Oyster tokens, which he then secretly sold on the KuCoin cryptocurrency exchange for approximately $300,000 before disappearing. As a result of the scandal, Oyster Protocol has dropped in value by over 50 percent in the past 24 hours.

Issues in the Substratum Smart Contract

Now, new suspicions have been raised regarding Substratum (SUB), the decentralized internet project which has faced numerous controversial allegations recently. It would appear that the Substratum smart contract contains code (line 136) similar to that of the Oyster Protocol contract, which could give developers the ability to mint tokens out of thin air. Furthermore, it appears that in a recent token burn, rather than being sent to an inaccessible address, tokens were simply moved to a wallet which the development team may well have access to. If the tokens aren’t truly burnt, then one must assume that the price of Substratum is artificially inflated, as the tokens could still be sold or reintroduced to the pool.
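Both concerns above (tokens minted after launch by a privileged account, and a "burn" that only moves tokens to a wallet someone still controls) can be checked from a token's transfer history. The following is an added example, not code from either project: it assumes an ERC-20-style token where minting shows up as a transfer from the zero address, and every address, block number and amount in it is constructed.

```python
from collections import defaultdict

ZERO = "0x" + "0" * 40            # mint source / burn sink by ERC-20 convention
DEAD = "0x" + "0" * 36 + "dead"   # commonly used unspendable sink
UNSPENDABLE = {ZERO, DEAD}

LAUNCH_BLOCK = 100                # constructed: block of the initial issuance

# Constructed transfer history: (block, from, to, amount, announcement)
EVENTS = [
    (100, ZERO,     "0xsale",     1000, "initial issuance"),
    (120, "0xsale", "0xalice",     400, ""),
    (130, "0xsale", "0xteam",      600, ""),
    (200, "0xteam", "0xreserve",   100, "announced burn"),  # moved, not destroyed
    (210, "0xteam", ZERO,           50, "announced burn"),  # genuinely destroyed
    (300, ZERO,     "0xdirector",  300, ""),                # minted after launch
]

def audit(events, launch_block):
    """Replay transfers; return (spendable_supply, findings)."""
    balances = defaultdict(int)
    findings = []
    for block, src, dst, amount, note in events:
        if src == ZERO:
            # Tokens created from nothing: expected only at launch.
            if block > launch_block:
                findings.append(("post_launch_mint", block, dst, amount))
        else:
            if balances[src] < amount:
                raise ValueError(f"block {block}: {src} overspends")
            balances[src] -= amount
        if dst in UNSPENDABLE:
            continue  # nobody holds a key for these: supply really shrinks
        balances[dst] += amount
        if "burn" in note:
            # Announced as a burn, but the tokens sit in a spendable wallet.
            findings.append(("burn_to_spendable_address", block, dst, amount))
    return sum(balances.values()), findings

if __name__ == "__main__":
    supply, findings = audit(EVENTS, LAUNCH_BLOCK)
    print("spendable supply:", supply)
    for finding in findings:
        print(finding)
```

The spendable supply ends higher than the original issuance even though two burns were announced, which is exactly the gap between what holders were told and what the ledger permits.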

A Substratum moderator has responded to these allegations on a Reddit post, implying that the tokens are safe since only the dev team has access to them. As we can see from the Oyster debacle, though, this is clearly not a sign of security at all. Substratum devs are not anonymous like Oyster’s Bruno Block, however, so it’s true that wrongdoing is far less likely. Still, it seems suspicious that they would not properly burn the tokens if they genuinely have no intention of using them again. Furthermore, after adding it to its platform five months ago, Binance audited the project and requested that the minting issue be fixed, but despite an announcement reporting that the issue would be resolved, it still doesn’t appear to have happened.

It’s quite possible the allegations are groundless, but as the old saying goes, “there’s no smoke without fire.” Hopefully, the Substratum team will provide proof of an update or resolution to these issues and silence the doubters.

Whatever the outcome, the Oyster Protocol issue alone further highlights the ongoing problem of trust in an industry that is meant to be built on trustlessness.