Moolyacoin Token Code is Dangerous, “Have faith in us” Says Founder
In a world where code is law, if the code allows it, it is legal. So in reality what Moolya’s team is doing complies with their code, except this code appears to be dangerous. As first pointed out by Keith Mukai Moolyacoin’s smart contract has more than a few questionable aspects to it. The most alarming of which is that Moolya’s coders added in the ability to their smart contract to retrieve tokens from any wallet, anytime, anywhere. That’s right. They do not need your private keys. They do not need your password. They do not need your permission; they can move any Moolya token back to themselves anytime they want. Sounds like fiat to me.
The Solidity Code: burnReturn
This code is named “burnReturn” but it could be called “takeBack” or “withdrawCoins” because it does not burn tokens, rather it retrieves them, transfers them from any wallet back to the person who holds the private keys to the smart contract that created Moolyacoin:
If you are not offended, maybe you should be. This violates the principle of irrevocable transactions, a bedrock for most coin projects. Some projects like Ripple allow for this as well. Some like Ethereum and Stellar allow users to create tokens that have this ability, should they want a token like that. But those are special cases and certainly this ICO does not currently explain on their website a need for the ability to take tokens from your wallet. Nor does it ever explicitly point out that they built this function into their token. But they did build it in.
And maybe worse still, they have already been using the function to take back tokens without notifying the wallet owners. In regards to use of this coin return tool “of the hundreds we have issued we have hardly done it for a few,” says Rakesh Naik, Executive Chairman and Founder of Moolyacoin in Telegram discussion Friday October 5, 2018. When asked to explain his reasoning, Mr. Naik said they added in this function to protect people from harm “to ensure we can counter any threats, thefts or malpractices faced by any of the holders during the course of time.” Mr. Naik says not to worry though, just “have faith in us.” The blockchain is a trustless system and a token that requires trust is a dangerous, potentially corruptible coin.
But remember, in a world where code is law, use of this particular token is almost an implied agreement that you consent to let them take coins from you whenever they choose. Buyer, beware!
The Solidity Code: Mintable
In addition to their backdoor to all of the Moolyacoins in your wallet, there is another unusual function built into the Moolyacoin smart contract and readers should be aware of this as well. This one is easier to understand and is actually called out on their website. This function is aptly named “mintable” and allows the owners of the token creation contract to issue more coins whenever they so desire. While most smart contracts only allow for the creation of coins to occur at one point in time, these coders decided to allow the mintable function to be executed anytime they chose without limit.
Although they call it out on their website, they also contradict themselves elsewhere on the site by claiming “no inflation effect.”
The current token contract does not automatically inflate the supply on a schedule like Ethereum does, but still, the creators built in the capacity for inflation. Why?
Once again, they imply the mintable function is there for the community’s own protection. That the future is always unpredictable and so they wanted a coin that would be ready for anything. The coin is set up to have 18 decimals which gives it the ability to be divided into tiny fractions. What sort of future do they believe exists where 1,000,000,000.000000000000000000 might not be enough?
Do buyers know that Moolyacoin has highly centralized controls that the creators say are there for the token holders’ protection? What I see are two potentially dangerous pieces of code that violate the basic principles of cryptocurrency: (1) I own my coins and no one can move them but me and (2) there is a tightly controlled, predetermined supply of these coins in the world.
Be safe out there!
Continue the discussion on Twitter @BitcoinCensus