From Google Sheets to DeFi Leader: RugDoc’s 2021 Reflection

In this article, we will be looking back to the colorful and defi-mazing journey of Rugdoc.

From Rugs to Riches, RugDoc has been growing steadily as a tight-knit community and we are fortunately blessed to have you all along the journey with us.

Let’s face it – this is mostly because of you, our loyal fellow degens, that have made our platform the go-to place in DeFi and helped our goal of #MakingDeFiSafer.

Here’s a look back on some of the highs and lows of RugDoc’s inaugural year.

The Birth of RugDoc

In March 2021, RugDoc was born. Our focus was to make DeFi safer with a more community-led approach. In fact, here was our first official text announcement on our channel:

A telegram message that remembers the birth of rugdoc in the defi space.

And with a much larger and loftier goal, we needed bigger tools.

And so, RugDoc officially started… with a Google Sheet.

It wasn’t anything fancy—just a simple spreadsheet where we reviewed yield farms using a free tool called Diffchecker and jotted down our thoughts.

But it worked.

Countless members of RugDoc’s community were saved from getting the rug pulled from their feet as we fired up our first danger announcements.

In fact, we were noticing many red flags left and right, so we decided to announce our first real potential rug alert:

Rugdoc pointing out a redflag and a potential scam situation.

Shortly after, Pulldogswap pulled the rug from underneath as the team ran off with users’ funds. But not those who listened to our first call.

It turns out, the community saw our potential…

The Growth of a Community

Our team grew, but so did the scammers.

Come April, we saw more and more projects aiming to steal users’ funds. Polygoat.Finance, even with a Solidity Audit in hand, blocked users from withdrawing their funds. In fact, all harvests went to a private wallet.

Our nuanced suggestion was to “GTFO and stay out – unstake and bail!”Alt Season is Here! (Caution Advised…)

Come June, famous writer Marie Lu’s quote rang true: “June will break your heart. I can see it already. She’ll shatter you into a million pieces.

We saw so many rugs this month, it could have been mistaken for a house of ill repute.

From PolyWeed devs that set withdrawal fees to 98% to PolyButterfly which had codes in their masterchef that allowed them to steal staked tokens, chaos ensued. 

Total stolen: 600.35 ETH (or over 1.5M $ at the time). A Code Cat comeback was imminent. 

A comic by Rugdoc.

Novel ways of exploiting projects were unfolding, such as the exploit that allowed scammers to generate countless tokens, draining a liquidity pool in the process. Such farms affected by this exploit included KetchupSwap, Lokum, YBear, Piggy, CaramelSwap, GoCerberus, and Garuda.

But within darkness, there’s light!

Or, at least some kind vigilantes with Batman-levels of detective skills. A big shoutout goes out to CryptOgle and the team, who tracked down the scammers from the $22M StableMagnet exploit. After 2 grueling weeks, most of the money was finally recovered.

This was a huge highlight of the year, showcasing that there are some truly great people in DeFi. And speaking of highlights, we thought it was time for RugDoc’s Google Sheets to finally hit the sack in favor of our fresh, new website.

The Summer of Ups and Downs

In July, we hit a great milestone: our 1,000th review. We have to give credit to our reviewers who are all residents of New York – or, so we assume – because just like the city that never sleeps, they are working around the clock on these reviews to Make DeFi Safer!

We also gained more partners such as @ApeSwap and reviewed their platform as the 1,000th RugDoc review.

We also partnered up with our preferred auditor, @0xPaladinSec🛡! They are a RugDoc preferred auditor because they conduct thorough audits and help projects deploy safer contracts for users.

Rugdoc.io also officially partnered with @avalancheavax by bringing our peer review process to their chain and creating educational content for #AVAX users at wiki.Rugdoc.io! We also partnered with @iotex_io and the gaming metaverse, ProjectOasis!

Here are some more lows we faced, but tackled head-on as a community:

RugDoc: In the Flesh

Of course, we’re mostly a digital-based community.

But this time, we had some in-person events to cover.

The Doc was asked to speak at DCentral Miami. The party didn’t stop there, as if you looked close enough, you could meet and greet us IRL as we co-hosted a few events during Art Basel like the Siren Pool Party, the 0xGenesis Yacht Party, and the Major Lazer show!

If you unfortunately missed out on those, there was some great swag to be had and found around Miami.

Different RugDoc merchandise exclusive for the community.

An Eventful End of Year

Sadly, we encountered a December to dismember as our calling became ever more clear with some new exploits:

  • $120M was stolen in the @badgerdao exploit. This terrible experience serves as a lesson that even older, established DeFi projects can catastrophically fail and users can never afford to get too comfortable about their security.
  • @BitMartExchange hot wallet was also actively being hacked and stolen under our eyes. This was the first time we’ve seen an entire hot wallet compromised. $200M was dumped and gone. 
  • @BNBHeroes soft rugged and dumped liquidity for a gain of ~$2M.
  • Grim Finance was severely exploited for 30M after the #Fantom vault’s platform was exploited through a reentrancy vector. A combination of a bad audit, bad code, refusal to see the warning signs, and pride were the main culprits.

Ah well, you either win or you learn in DeFi. 

Thank you, RugDoc fam for a wonderful 2021! We start 2022 with even more drive, determination, wisdom, and experience as when we first launched. We aren’t even a year old, and are excited to keep building to Make #DeFi a safer, more accessible space for all!

Signing off,

Team RugDoc

Search

🟢 For owners who have made impactful changes and would like an update to their farm review:

1️⃣ Use #update at @RugDocChat with your description and proof of changes and it will be forwarded to our scanners.

2️⃣ This does not guarantee a change in your review.

3️⃣ Owners who have difficulty solving the issues can consider our Consultation Package – please contact @BaymaxCrypto on Telegram to discuss.

Our mission here at RugDoc is to screen for hard rug code that results in 100% theft of ALL underlying funds for ALL participants.

This is the ONE part of the due diligence process that most people cannot simply do on their own as it costs thousands of dollars to hire a senior solidity developer to look over a farm for safety.

A project coin with terrible code can go up in price, and a project with good code and a good team can also go down in price.

Do NOT use our ratings to refer to your likelihood in making money if you invest in the project. They are ONLY in reference to code safety.

Everything else beyond code safety is YOUR responsibility to go do research on. We just make sure the casino you’re betting in won’t rob you before you even get to place a bet.

Our reviews for projects are organized into a few colors.

🟢 Least Risk
These projects are the least likely to hard or soft rug. Usually reserved for cornerstone projects of an ecosystem where it makes no financial sense for them to rug in any manner as they make more money just being legit.

🔵 Low Risk
These projects are usually established projects in an ecosystem that have a track record of success or have KYC’d to us or other authoritative sources in the real world. As a result, it is extremely unlikely for them to soft rug or hard rug their projects. The projects can still fail and the token price can go down, but usually more as a result of natural market forces.

⚪️ Some Risk
This is the default rating for projects with unknown teams but have code that is unlikely to have hard rug risk. Since the team is unknown and doesn’t have a track record of success, it’s entirely possible that they may try to soft rug by dumping tokens, abandoning the project, etc. Even a last minute contract swap to a malicious contract is possible. The only thing that is unlikely is a complete hard rug as long as you are 100% sure you deposit into the contract we review.

🟠 Medium Risk
Similar to Some Risk, but the underlying code itself is custom enough or complex enough that it warrants an elevated risk rating that needs deeper research. Make sure you read every point presented to make sure you’re comfortable with that before entering. Still unlikely to hard rug, but more chances of custom code behaving incorrectly and causing other issues.

🔴 High Risk
Project contains code or practices that are HIGHLY LIKELY to lead to catastrophic losses as they are right now. Make sure you read the description carefully as we will always warn what these issues are. If you see the words Hard Rug anywhere in the review, STAY FAR AWAY!

⚫️ Not Eligible
We reserve the right to not review exceedingly complex projects that would require tens of thousands of dollars of senior security analyst man hours. Typically these are projects that deal with leverage, lending, options, derivatives, and anything that is overly complex and which requires tons of peer reviews and audits from top audit companies.