Can a shady Contract/Pool take your LP tokens?

Hey guys, I am still learning DEFI and only considering using ‘trusted’ platforms like anchor and Osmosis for now. I have mostly been into rewards token like PolyX (PXT on coinmarketcap) that gives rewards in Polygon MATIC until now.

I just have a question that may sound noobish but is it a possibility that a shady contract can withdraw your deposited LP tokens? I ask this because I have seen several Pools offering thousands of APR and I am tempted to try them out but I am worried that a shady contract may be able to withdraw your deposited LP tokens after you have deposited them.

Any clarifications will be appreciated.

Edit – People DMing about PolyX, here is the website to the project –

View Source

26 thoughts on “Can a shady Contract/Pool take your LP tokens?”

  1. YES. That is why both safety and security are paramount.

    “Oh look a cool new farm with only $30k TVL, I must be early!!!” – boom, honeypot.

    Be careful out there!

    Reply
  2. a way to mitigate… will b costly (specially if on eth) have multiple wallets, main wallet is ur private, alt wallets r ur public. if u want to stake, send from Main to alts , then stake from alt. if it becomes compromised only the compromised alt will lose. use each alt for one coin/token that way if it becomes compromised not all ur stakes lose. yeah, costly due to multiple transaction fees, but is the risk worth it? u decide.

    Reply
  3. The short answer is yes.

    If I’m reading your question correctly, you’re asking if you deposit a token into a contract – can your token balance be withdrawn by someone else? It can happen by two ways, the contract has an unintentional bug in it or has malicious code hidden in it.

    Just because a pool is yielding 1000%+ APR doesn’t really mean that it’s shady, there are other factors you need to consider. The only real way you can mitigate this issue is either trusting others in the community/external audits or learning solidity and auditing contracts yourself (no trust needed here).

    Also while I’m sure a lot people here are well intentioned, it doesn’t seem like many have any idea of what they’re talking about.

    Reply
  4. Most of these degen yield farms are more of a pump and dump than rug pulls. Someone spins one up, people buy the native token, the native token goes up for like 4 hours to 2 days and then people sell it and it nosedives like 75% over the course of like an hour.

    Actual rug pulls where like you deposit an ETH-BTC pair and they just take all the deposits and run don’t happen that often from my experiences.

    In a real rug pull though, they aren’t taking the tokens from your wallet. You’ll still have your LP tokens, they just won’t be worth a damn since all the liquidity provided was taken. Just a heads up on how a lot of defi works… it’s all tokens. You deposit a real actual token into a smart contract. That contract gives you a token that *represents* what you deposited. They don’t need to bother messing around with pulling *representative tokens* out of your wallet when they can just grab the actual real tokens out of the smart contract.

    Reply
  5. I have never thought about this but i believe it is a possibility that a contract drains your LP. More experienced people can chime in.

    Be careful out there. Scammers are getting smarter.

    Reply
  6. Of course. How do you think so many ppl in the crypto space are getting “hacked”? You should always revoke all approvals when you’re done using any site

    Reply
  7. This is absurd, is there anyone who can explain why this is enabled by wallet makers? We’re not talking about giving away your phrase, what’s the benefits of this feature if any?

    Reply
  8. Unlimited supply of 1 scammy coin and impermanent loss combined I guess could make one poor.

    I hope this doesn’t happen in any LP pools on Juno Swap Dex

    Reply
  9. Well from what I know, yes… If you put your tokens into a shady adress, you know that everything can happen – even doh I hope you’ll get yours back!

    Before I use a platform or a pool I do tons of research about it, and try to talk to ppl who already use it, so i get first hand experience.

    But if you are a trader too, then start expploring option trading – siren protocol can be a good start for a beginner – or expert !

    Reply
  10. Smart contracts can absolutely drain your crypto if there are trapdoors made on purpose or by accident. You can always verify the code of the smart contract yourself. But finding the hidden trapdoors in a smart contract requires a lot of knowledge and experience. That‘s why the serious DeFi protocols (us including) are going for professional and transparent security audits for their smart contracts.

    Reply
  11. Sure, you need to trust the project, if inexperienced just go with the leaders on the respective blockchain just like RAMP Defi. The Avalanche integration has been supporting wAVAX for $rUSD collateralization, which means that more Avalanche single assets such as wBTC.e, wETH.e, LINK.e, and JOE will be supported eventually within this quarter, and the platform is planning more Network Integrations for 2022.

    Reply
  12. On a trusted platform, the pools are safe, and the reason the APR is so high is that people apparently think the token is pretty worthless and you’ll lose all your money.

    Reply
  13. Is there any definitive way to determine if your wallet’s funds were drained due to your pass phrase being compromised or due to accepting a malicious contract? I lost a few thousand back in December, and I still don’t know if it was because of a bad contract I signed, or if someone created another wallet without me knowing.

    Reply
  14. I think the answer is yes… Because most pools tries to use convincing words and enticing rewards to attract people to the platform but later end up not meeting up to the promised pay.
    Thanks to some DeFi projects like Spool finance which allows you to choose everything you want according to your risk appetite…

    Reply

Leave a Comment