The technical red flags of the Substratum Network (SUB)

Dear readers,

Today I would like to inform and warn people for some heavy red flags in the Substratum Network project (SUB). Currently a top 100 project on CoinMarketCap.

For those unfamiliar with the project here’s a summary from their website : “Substratum is an open-source network that allows anyone to allocate spare computing resources to make the internet a free and fair place for the entire world.”

Any attempts on querying the Substratum team regarding this subject were rejected with deletion and bans on their official channels.

I will discuss the following topics :

  1. The Substratum ICO contract
  2. The Substratum (SUB) smart contract
  3. The “Burning” of tokens
  4. Conclusion

The Substratum ICO contract

The Substratum crowdsale contract(https://github.com/substratum-net/smart-contract) is a complete copy of the crowdsale contract of a coin called “Skincoin” (which appears to be a Russian coin, who’m I wasn’t able to contact).

*Note, this burn function is not in the live smart contract, which I refer to later in the article.

As seen on this revision page (https://github.com/substratum-net/smart-contract/commit/ecae3ff6c4c50cf0e72a504148e41b1b5d9e37fd), there are still more (live) references to Skincoin

The Substratum (SUB) smart contract

The Substratum smart contract (https://etherscan.io/address/0x12480e24eb5bec1a9d4369cab6a80cad3c0a377a#code) is basically a complete copy-paste contract ripped from the https://ethereum.org/token template.

There are 3 very concerning things here :

  1. The contract has unlimited mint
  2. The contract has a freezeAccount function
  3. There are bugs & possible vulnerabilities in the contract
mintToken function

The contract owner (the Substratum Network founders) is able to mint unlimited new SUB tokens. There is no check whatsoever in the contract, nor is the minting an event, that can only happen once. It is therefore not possible to truly trust the amount of tokens. In easy words ; tomorrow the SUB token could have 5,000,000,000 new tokens, without anyone knowing until they check the contract itself.

FreezeAccount function

The contract owner (the Substratum Network founders) is able to freeze ANY account which has SUB tokens. This means that any account holding SUB tokens, could be locked out from sending that SUB by the owners. This includes any exchange account(s) or big holders. This should not be in a live contract.

The “Burning” of tokens

The Substratum network has made 2 videos of “Burning” tokens(burn #1; https://youtu.be/qdeOXfvXAO0 and burn #2; https://youtu.be/n83gZeq7YtY).

Apparently the idea is that if the private key is not known of an address, the tokens are “burned”, which is true. However, there is no single way to verify that the private key of any address is not known.

There are a few accepted ways you could burn tokens, with proof.

  1. Call a burn function in the contract.
  2. Send tokens 0x00.

The contract contains no burn function at all, so that is not possible for the SUB token.

The tokens were also not sent to 0x00, but have been instead sent to this address as regular transfers; 0xd41d37f9865cc121f71957e6eafb09cbdc98d6c3

I thought, maybe, that they would have used the “freezeAccount”-function to freeze this account. When querying the contract, that unfortunately also returned false. So there is no way to know, if these tokens are burned or not.

Conclusion

The lack of a GitHub (remember, it’s supposed to be open source), the lack of a proper smart contract and the blatant copy-pasting of other projects, are huge red flags (there’s also the dubious movements of funds here and here , but these might have real use cases). I can only come on 2 possible conclusions to this:

  1. The team is not capable enough of creating a proper smart contract. In the case of an ambitious project like this, this is alarming to say the least.
  2. The team is dishonest and it’s a scam, with a huge marketing/youtube campaign.

Without calling the team out on being scammers, I would highly advise people to be wary of faulty smart contracts like this and do as much research in a project as you can, before investing real money in it.

I see absolutely no reason why a smart contract as the one of the Substratum network should have any value at all. It is not decentralized, it is not secure, it isn’t worth $300,000,000.

Be wary, be safe and please do your due diligence before investing.

Best luck to all and I hope to have helped at least some of you.

YagamiLight