NFT project loses $34M to smart contract flaw By BTC Peers
[ad_1]
NFT Project loses $34M due to smart contract flawAfter a clever contract bug, which has rendered the funds inaccessible to $34 million, the future of an NFT project that was highly anticipated is uncertain.
Akutars was a much-anticipated NFT project, which was due to be launched over the weekend. Aku is the 3D avatar project based on a character Micah Johnson created. The original Aku NFT holders were given a free avatar. Only 5,495 items of 15,000 are available for purchase.
The sales went live with a Dutch Auction on Friday, opening at 3.5 , plus a 0.5 Ethereum discount for holders of an “Aku Mint Pass.” However, things quickly began to go awry.
Some developers contacted the Aku team to warn them about the potential exploit of their smart contract after launch. Hasan, a Twitter user (NYSE:), tried to alert developers about the flaw. However, he was apparently dismissed on the grounds that it was an option and there weren’t any failsafes.
I spoke to their team and they confirmed that there were failsafes. It looks like it would be fine to take part in the auction. https://t.co/nBjCVVPXzW
— hasan (@notchefbob) April 22, 2022
The smart contract code was designed to let mint pass holders receive a refund before any team members could withdraw. The team believed that the number of bids needed to sell NFTs was equal, but failed to take into account multiple bids. Many buyers sought to make multiple NFTs from the same bid. The contract was never met by these buyers, which resulted is a total of $34 Million worth of Ethereum lost forever.
AkuDreams claimed this was an enhancement, and that there were no exploits. Multiple developers brought up concerns about mint. Bizarre justifications. pic.twitter.com/cVgEXnnWzF
— foobar (@0xfoobar) April 23, 2022
To prove a point, another user named USER221 opted to trigger the suspected flaw to show the project’s vulnerability. The unknown individual executed what is known as a “griefing contract,” locking the smart contract’s ability to process refunds to underbidders.
USER221 included a note in his transaction asking the project to “please do bug bounty on [their]Contracts or having them audited. The individual also told Akutars that the transaction would allow them to unlock the project in another transaction.
This was very much a fun project, I didn’t intend to exploit it lol. Otherwise I wouldn’t have used Coinbase (NASDAQ:). Once the exploit is publicly acknowledged by you, the block will be removed immediately.
In a postmortem thread on Friday night, the Akutars dev team acknowledged the floor and admitted that the exploit by the unknown individual “was not done out of malice” and USER221 “intended to bring attention to best practices for highly visible projects.”
In another tweet on the same day, the project’s founder and former pro-baseballer Micah Johnson apologized to the NFT community for brushing off the concerns.
I am not more expensive than my mistakes. I’ve reinvested most everything into building Aku. & most everything will go back to refunds and we will keep building what we set out to do.Brick by brick. https://t.co/vQiPbl0Jpl
— Micah Johnson (@Micah_Johnson3) April 23, 2022
[ad_2]
