The Infamous Migrator Code Function, And Why It’s Dangerous

The migrator code is a function that can steal all funds from a smart contract. Do NOT fall for it! In this guide, we go over why you should stay away.

There’s been lots of talk in the yield farming space about how migrators are “essential” or “useful” in some way.

But after reviewing over 1,000 farms with and without migrator codes…

We’ve come to the conclusion that migrator codes are NOT essential and only add unnecessary risk.

In fact, if we take a look at last month’s yield farms that had a migrator code…

100% of the farms resulted in a rug and stolen funds.

This chart shows projects in June that had a migrator code. 100% of the farms rugged.

So why exactly is the migrator code so dangerous? And why do some farms insist on keeping it?

Let’s explore what a migrator code really is and where it came from, starting with…

What is a Migrator Code and Why is It Dangerous?

A migrator code is a function in a yield farm’s MasterChef contract that allows the owner of the contract (usually a timelock or the developer’s address) to move all of the staked funds out of that contract to any other address. This can result in the total loss of funds if the owner of the contract moves the funds into his or her own private wallet.
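As an added example (not RugDoc’s own tooling, and not PancakeSwap’s or any farm’s code), here is a small Python checker that flags the migrator pattern in either verified Solidity source or a contract ABI. The two contract snippets and the ABI it scans are constructed samples modelled on the `setMigrator` / `migrate` / `IMigratorChef` names that MasterChef forks use; the regexes and the risk label are this example’s own choices, not RugDoc’s scanner.

```python
"""Check a MasterChef-style contract for a migrator capability.

Added example, not RugDoc tooling. Works on verified Solidity source text or
on an ABI JSON list. All inputs below are constructed samples.
"""
import json
import re

# Names that identify the migrator pattern in MasterChef forks.
MIGRATOR_FUNCTIONS = {"setMigrator", "migrate"}
MIGRATOR_TYPES = {"IMigratorChef", "IMigrator"}


def scan_source(source: str) -> dict:
    """Report which migrator names appear in Solidity source and whether
    setMigrator is owner-gated (who can set it; not whether funds are safe)."""
    found_functions = sorted(
        name for name in MIGRATOR_FUNCTIONS
        if re.search(rf"\bfunction\s+{name}\s*\(", source)
    )
    found_types = sorted(t for t in MIGRATOR_TYPES if re.search(rf"\b{t}\b", source))
    header = re.search(r"function\s+setMigrator\s*\([^)]*\)[^{]*\{", source)
    owner_gated = bool(header and "onlyOwner" in header.group(0))
    return {
        "has_migrator": bool(found_functions or found_types),
        "functions": found_functions,
        "types": found_types,
        "set_migrator_owner_gated": owner_gated,
    }


def scan_abi(abi_json: str) -> dict:
    """Same check on an ABI: useful when only the ABI of a verified contract is at hand."""
    abi = json.loads(abi_json)
    names = sorted(
        item["name"] for item in abi
        if item.get("type") == "function" and item.get("name") in MIGRATOR_FUNCTIONS
    )
    return {"has_migrator": bool(names), "functions": names}


def risk_label(finding: dict) -> str:
    """Label used in this example; a migrator present means the owner can move every pool's tokens."""
    return "HIGH RISK: migrator present" if finding["has_migrator"] else "no migrator found"


# Constructed sample: a fork that kept the migrator (pattern, not real project code).
FORKED_MASTERCHEF = """
contract MasterChef is Ownable {
    IMigratorChef public migrator;
    function setMigrator(IMigratorChef _migrator) public onlyOwner {
        migrator = _migrator;
    }
    function migrate(uint256 _pid) public {
        require(address(migrator) != address(0), "migrate: no migrator");
        PoolInfo storage pool = poolInfo[_pid];
        IBEP20 lpToken = pool.lpToken;
        uint256 bal = lpToken.balanceOf(address(this));
        lpToken.safeApprove(address(migrator), bal);
        IBEP20 newLpToken = migrator.migrate(lpToken);
        require(bal == newLpToken.balanceOf(address(this)), "migrate: bad");
        pool.lpToken = newLpToken;
    }
}
"""

# Constructed sample: the same contract with the migrator removed.
CLEANED_MASTERCHEF = """
contract MasterChef is Ownable {
    function set(uint256 _pid, uint256 _allocPoint, bool _withUpdate) public onlyOwner {
        poolInfo[_pid].allocPoint = _allocPoint;
    }
    function emergencyWithdraw(uint256 _pid) public {
        UserInfo storage user = userInfo[_pid][msg.sender];
        poolInfo[_pid].lpToken.safeTransfer(address(msg.sender), user.amount);
    }
}
"""

# Constructed ABI fragment for the forked contract.
FORKED_ABI = json.dumps([
    {"type": "function", "name": "deposit", "inputs": [{"name": "_pid", "type": "uint256"}]},
    {"type": "function", "name": "setMigrator", "inputs": [{"name": "_migrator", "type": "address"}]},
    {"type": "function", "name": "migrate", "inputs": [{"name": "_pid", "type": "uint256"}]},
    {"type": "event", "name": "Deposit", "inputs": []},
])

if __name__ == "__main__":
    for label, src in (("forked", FORKED_MASTERCHEF), ("cleaned", CLEANED_MASTERCHEF)):
        print(label, risk_label(scan_source(src)), scan_source(src))
    print("abi", risk_label(scan_abi(FORKED_ABI)))
```

Note that the `require(bal == newLpToken.balanceOf(...))` line in the forked sample only compares balances of whatever token the migrator hands back; it does not tie the new token to the old one’s value, which is why the presence of the function, not the check around it, is what the scanner reports.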

Binance even explicitly states that a migrator code can be used to steal funds in malicious contracts:

Binance's blog on migrator codes

Where Did the Migrator Code Come From?

Some people might think the migrator code originated with PancakeSwap; however, it all started earlier on the Ethereum network, when SushiSwap migrated $830 million worth of crypto assets from Uniswap to its own community-owned automated market maker (AMM).

PancakeSwap also added on the migrator code, as you can see on line 179 of their MasterChef contract:

PancakeSwap's migrator code function in their MasterChef contract

Why Do So Many Farms Have the Migrator Code?

Take one look into yield farms and you’ll see that many farms look the same.

That’s because they forked from the granddaddy of them all, PancakeSwap.

And since many other farms forked PancakeSwap (read: copied their code), they also included PancakeSwap’s migrator code in their MasterChef contract as well.

Boobsdefi farm's migrator code using DiffChecker

So if the migrator code is so “common,” this brings us to the next question:

Why Remove The Migrator Code?

You might remember the first Medium post from Goose Finance titled ‘First to remove Rugpull Migrator Code.’

After PopcornSwap drained over $2 million, Goose Finance claimed to be the first fork to remove the migrator code, stating that “evil devs like PopcornSwap used this ‘directly forked from Pancake’ excuse to dodge due diligence checks.”

Goose Finance's rugpull migrator code removed blog image
Source: Goose Finance

After that, it became the “gold standard” to remove the migrator code.

After all, why would a user willingly stake their funds in a farm if it had potential to rug?

And why would a yield farm even include the migrator code, when it could simply be removed by deleting it from the smart contract?

Now onto the golden question…

Is There ANY Reason to Have a Migrator Code At All?

According to this Reddit post, a PancakeSwap developer said the following about their migrator code:

  • Chef Chungus, [19.02.21 01:23] It allows a protocol to upgrade in the future
  • Chef Chungus, [19.02.21 01:23] If a protocol wants to innovate and build, then it requires the migrator code
  • Chef Chungus, [19.02.21 01:19] We plan to upgrade our contracts, therefore it’s necessary

But is it REALLY necessary?

You see, when PancakeSwap upgraded their contracts from V1 to V2, the migrator code was NOT used.

Why?

In their Medium post, the PancakeSwap team explained why they did not use the migrator function:

PancakeSwap's response on why they didn't call the migrator function
Source: Medium.com

So in the end, PancakeSwap didn’t even need the migrator code function.

The safer alternative to a migrator function is to simply ask users to unstake their funds and restake them in the new contract.

This is exactly what PancakeSwap did, and it is the best solution for keeping users safe while still allowing farms to upgrade their contracts.

So in the end, migrators are NOT worth the risk. They are used maliciously far more often than they are used for good, which is why we rate farms that have a migrator code as HIGH RISK.

To learn more about our risk rating system, check out our article or watch our video below:

What About a Timelock?

Unfortunately, once a contract is set in stone, a timelock does NOT prevent the migrator function from being called.

It only means there’s a set amount of time before the migrator code can be “activated.”

In other words, the owner of the PancakeSwap MasterChef could move all funds out within 6 hours of queuing the call if they wanted to.

…And if nobody is watching the contract’s transactions, you may have even less warning than that, because the clock starts when the call is queued, not when someone notices it.

So don’t rely on a timelock to save your funds… They could literally disappear overnight while you’re sleeping.
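The check a watcher would actually run is to look at what the timelock has queued, not just at whether a timelock exists. The following is an added example (not RugDoc’s monitor) that filters queued timelock transactions for calls that set or exercise a MasterChef’s migrator and reports how much time is left before each can execute. It assumes a Compound-style timelock whose `QueueTransaction` event exposes the target, the function signature string and the `eta`; the MasterChef address, the 6-hour delay and the events below are constructed sample data.

```python
"""Flag queued timelock transactions that reach a MasterChef's migrator.

Added example, not RugDoc tooling. Event shape (target, signature, eta) is
assumed to follow a Compound-style Timelock; all data below is constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

# MasterChef signatures that set or exercise the migrator.
MIGRATOR_SIGNATURES = {"setMigrator(address)", "migrate(uint256)"}


@dataclass(frozen=True)
class QueuedTx:
    """Relevant fields of one QueueTransaction event (assumed shape)."""
    target: str     # contract the timelock will call
    signature: str  # e.g. "setMigrator(address)"
    eta: int        # earliest unix timestamp at which the call may execute


@dataclass(frozen=True)
class Alert:
    signature: str
    target: str
    seconds_left: int  # time remaining at `now`; shrinks the later you look
    eta_utc: str


def migrator_alerts(events, masterchef, now):
    """Return one Alert per queued call that touches the migrator on `masterchef`."""
    alerts = []
    for ev in events:
        if ev.target.lower() != masterchef.lower():
            continue
        if ev.signature not in MIGRATOR_SIGNATURES:
            continue
        alerts.append(Alert(
            signature=ev.signature,
            target=ev.target,
            seconds_left=max(ev.eta - now, 0),
            eta_utc=datetime.fromtimestamp(ev.eta, timezone.utc).isoformat(),
        ))
    return alerts


# Constructed sample data; the addresses are placeholders, not real contracts.
MASTERCHEF = "0x000000000000000000000000000000000000c4ef"
OTHER_CONTRACT = "0x0000000000000000000000000000000000000bad"
TIMELOCK_DELAY = 6 * 3600          # the 6-hour delay discussed in the article
QUEUED_AT = 1_625_000_000          # block timestamp of the queue events
SAMPLE_EVENTS = [
    # routine pool-weight change: not a migrator call
    QueuedTx(MASTERCHEF, "set(uint256,uint256,bool)", QUEUED_AT + TIMELOCK_DELAY),
    # the call a watcher must catch
    QueuedTx(MASTERCHEF, "setMigrator(address)", QUEUED_AT + TIMELOCK_DELAY),
    # same signature on an unrelated contract: ignored
    QueuedTx(OTHER_CONTRACT, "setMigrator(address)", QUEUED_AT + TIMELOCK_DELAY),
]

if __name__ == "__main__":
    # Noticing the queue two hours late leaves four hours, not six.
    for alert in migrator_alerts(SAMPLE_EVENTS, MASTERCHEF, now=QUEUED_AT + 2 * 3600):
        print(f"{alert.signature} on {alert.target}: executable at {alert.eta_utc}, "
              f"{alert.seconds_left // 3600}h left")
```

The `seconds_left` figure is the practical point: the delay is measured from when the call was queued, so a watcher who only checks once a day may find the window already closed.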

The Not-So-Great Migration

In summary, we highly recommend staying away from yield farms with a migrator code, even if they have flashy graphics.

If you want to be sure, feel free to ask our amazing community via our Telegram group if you have any questions about yield farming.

Or, head on over to our comprehensive list of farms to see if your farm is on our list.

And as always,

Stay safe out in the DeFi world!


🟢 For owners who have made impactful changes and would like an update to their farm review:

1️⃣ Use #update at @RugDocChat with your description and proof of changes and it will be forwarded to our scanners.

2️⃣ This does not guarantee a change in your review.

3️⃣ Owners who have difficulty solving the issues can consider our Consultation Package – please contact @BaymaxCrypto on Telegram to discuss.

Our mission here at RugDoc is to screen for hard rug code that results in 100% theft of ALL underlying funds for ALL participants.

This is the ONE part of the due diligence process that most people cannot simply do on their own as it costs thousands of dollars to hire a senior solidity developer to look over a farm for safety.

A project coin with terrible code can go up in price, and a project with good code and a good team can also go down in price.

Do NOT use our ratings to refer to your likelihood in making money if you invest in the project. They are ONLY in reference to code safety.

Everything else beyond code safety is YOUR responsibility to go do research on. We just make sure the casino you’re betting in won’t rob you before you even get to place a bet.

Our reviews for projects are organized into a few colors.

🟢 Least Risk
These projects are the least likely to hard or soft rug. Usually reserved for cornerstone projects of an ecosystem where it makes no financial sense for them to rug in any manner as they make more money just being legit.

🔵 Low Risk
These projects are usually established projects in an ecosystem that have a track record of success or have KYC’d to us or other authoritative sources in the real world. As a result, it is extremely unlikely for them to soft rug or hard rug their projects. The projects can still fail and the token price can go down, but usually more as a result of natural market forces.

⚪️ Some Risk
This is the default rating for projects with unknown teams whose code is unlikely to carry hard rug risk. Since the team is unknown and doesn’t have a track record of success, it’s entirely possible that they may try to soft rug by dumping tokens, abandoning the project, etc. Even a last-minute contract swap to a malicious contract is possible. The only thing that is unlikely is a complete hard rug, as long as you are 100% sure you deposit into the contract we reviewed.

🟠 Medium Risk
Similar to Some Risk, but the underlying code itself is custom enough or complex enough that it warrants an elevated risk rating that needs deeper research. Make sure you read every point presented to make sure you’re comfortable with that before entering. Still unlikely to hard rug, but more chances of custom code behaving incorrectly and causing other issues.

🔴 High Risk
Project contains code or practices that are HIGHLY LIKELY to lead to catastrophic losses as they are right now. Make sure you read the description carefully as we will always warn what these issues are. If you see the words Hard Rug anywhere in the review, STAY FAR AWAY!

⚫️ Not Eligible
We reserve the right to not review exceedingly complex projects that would require tens of thousands of dollars of senior security analyst man hours. Typically these are projects that deal with leverage, lending, options, derivatives, and anything that is overly complex and which requires tons of peer reviews and audits from top audit companies.