We noticed that you were asking about the nature of an “attack” and who “benefited” from our mistake. First, we fucked up, and we are really sorry for that. This article is designed to explain what happened, provide a few examples of “attacks,” and provide a list of wallets and users who were doing that. And, of course, a few words about what’s next.
Check this link with ERC1155 token transfers of a specific account. As you can see, this user always bought 3 cards in 1 TX and immediately sold them one by one. If you check this link, you’ll notice that a user was paying 1250 $DEGEN for 3 cards. It seems legit; nothing wrong. But then, check for how much he was selling these cards 1 by 1: 900 $DEGEN, 450 $DEGEN, and 225 $DEGEN. In total, 1575 $DEGEN, pure 375 $DEGEN profit. Now, just imagine that some accounts have hundreds of similar TXs. The mistake was that when you bought a few cards in one TX, the total price was calculated wrong.
Now, a few words about the whole architecture. We had a central smart contract used as storage for $DEGEN tokens, which were used to purchase cards. Also, this smart contract paid you anytime you were selling cards. NOBODY. Again, nobody could access this smart contract and just withdraw funds. This info will be proved by the upcoming security audit. That’s why your Uncuts wallets were safe.
How did we identify users who benefited from it? It’s pretty simple. If the number of “buy” operations was approximately three times less than “sell,” then there was a 99% chance that this is our “rabbit.” So, here’s the list of wallets + Farcaster names who did that stuff.
https://docs.google.com/spreadsheets/d/1BDy1zH6cMqN2u-9dhZnQz3rBKQdBTDM0_7A9yZ_9gJc/edit?usp=sharing
If you ever thought this was a “REKT team play”, consider that we had to manage all these Farcaster accounts. Want to verify them? Take any wallet from the above spreadsheet and verify its ERC1155 token transfers.
This bug and mistake have already been fixed. The REKT team is already performing an audit with a security audit company. V2 mainnet won’t go live until we announce the results of the security audit and ensure that everyone is happy with the V2 launch on mainnet.
We are sorry about that and are working on a full refund. As we already mentioned, the next batch of partial refunds is coming this Monday. We won’t leave a project. We won’t step back. If you hate us, you can skip REKT. If you were affected, we’ll do everything we can to refund your deposit. If you love us, stay with us!