REKT Post-Mortem

REKT

We noticed that you were asking about the nature of an “attack” and who “benefited” from our mistake. First, we fucked up, and we are really sorry for that. This article is designed to explain what happened, provide a few examples of “attacks,” and provide a list of wallets and users who were doing that. And, of course, a few words about what’s next.

Check this link with ERC1155 token transfers of a specific account. As you can see, this user always bought 3 cards in 1 TX and immediately sold them one by one. If you check this link, you’ll notice that a user was paying 1250 $DEGEN for 3 cards. It seems legit; nothing wrong. But then check how much he was selling these cards for, 1 by 1: 900 $DEGEN, 450 $DEGEN, and 225 $DEGEN. In total, 1575 $DEGEN, pure 375 $DEGEN profit. Now, just imagine that some accounts have hundreds of similar TXs. The mistake was that when you bought a few cards in one TX, the total price was calculated incorrectly.

Now, a few words about the whole architecture. We had a central smart contract used as storage for $DEGEN tokens, which were used to purchase cards. Also, this smart contract paid you anytime you were selling cards. NOBODY. Again, nobody could access this smart contract and just withdraw funds. This info will be proved by the upcoming security audit. That’s why your Uncuts wallets were safe.

How did we identify users who benefited from it? It’s pretty simple. If the number of “buy” operations was approximately three times less than the number of “sell” operations, then there was a 99% chance that this was our “rabbit.” So, here’s the list of wallets + Farcaster names who did that stuff.

https://docs.google.com/spreadsheets/d/1BDy1zH6cMqN2u-9dhZnQz3rBKQdBTDM0_7A9yZ_9gJc/edit?usp=sharing

If you ever thought this was a “REKT team play”, consider that we had to manage all these Farcaster accounts. Want to verify them? Take any wallet from the above spreadsheet and verify its ERC1155 token transfers.
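The buy/sell ratio check described above can be written out as follows. This is an added example, not REKT's own tooling: the record layout `(tx_hash, wallet, side, qty)`, the wallet names, and the `tolerance` and `min_buys` thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

def build_sample():
    """Constructed transfers (not real chain data): (tx_hash, wallet, side, qty)."""
    rows, n = [], 0
    def add(wallet, side, qty):
        nonlocal n
        n += 1
        rows.append((f"0x{n:04x}", wallet, side, qty))
    for _ in range(4):                 # wallet_A: buy 3 in one TX, sell one by one
        add("wallet_A", "buy", 3)
        for _ in range(3):
            add("wallet_A", "sell", 1)
    for _ in range(5):                 # wallet_B: ordinary single-card trading
        add("wallet_B", "buy", 1)
        add("wallet_B", "sell", 1)
    add("wallet_C", "buy", 3)          # wallet_C: one batch buy, too little history
    for _ in range(3):
        add("wallet_C", "sell", 1)
    return rows

def flag_wallets(transfers, target_ratio=3.0, tolerance=0.5, min_buys=3):
    """Return wallets whose sell-TX count is roughly target_ratio x their buy-TX count.

    tolerance and min_buys are assumed thresholds, not values from the post.
    """
    buys, sells = defaultdict(set), defaultdict(set)
    for tx_hash, wallet, side, _qty in transfers:
        # Count distinct transactions: a 3-card batch buy may emit several
        # transfer rows but is still a single "buy" operation.
        (buys if side == "buy" else sells)[wallet].add(tx_hash)
    flagged = {}
    for wallet in sorted(set(buys) | set(sells)):
        b, s = len(buys[wallet]), len(sells[wallet])
        if b < min_buys:               # too few operations to judge the ratio
            continue
        ratio = s / b
        if abs(ratio - target_ratio) <= tolerance:
            flagged[wallet] = {"buys": b, "sells": s, "ratio": ratio}
    return flagged

if __name__ == "__main__":
    for wallet, stats in flag_wallets(build_sample()).items():
        print(wallet, stats)
```

A ratio match alone is a lead, not proof: each flagged wallet still needs its individual transfers reviewed, as the post suggests.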

This bug and mistake have already been fixed. The REKT team is already performing an audit with a security audit company. V2 mainnet won’t go live until we announce the results of the security audit and ensure that everyone is happy with the V2 launch on mainnet.

We are sorry about that and are working on a full refund. As we already mentioned, the next batch of partial refunds is coming this Monday. We won’t leave the project. We won’t step back. If you hate us, you can skip REKT. If you were affected, we’ll do everything we can to refund your deposit. If you love us, stay with us!

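Ray (Farcaster)
Commented 1 year ago

Looking at the post-mortem, a vulnerability in the app was exploited and money was stolen, and they still haven't refunded it in full… The idea is probably to launch and earn the money for the refunds, but there's no way I could put money into a place like this 💦 https://paragraph.xyz/@onrekt/rekt-post-mortem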

REKT (Farcaster)
Commented 1 year ago

We noticed that you were asking for the details of why the fuck-up happened and who "benefited" from it. Here's the post where we explained it! P.S. This mistake has been fixed already, and it will be proved by the upcoming security audit. https://paragraph.xyz/@onrekt/rekt-post-mortem

Maklaud🔵 (Farcaster)
Commented 1 year ago

🚀 Your cast cashed in! Claim 🎩 DEGEN tokens on jam now! 🟣 https://jam.so 🟣

Rustam (Farcaster)
Commented 1 year ago

What should you do here?

Maklaud🔵 (Farcaster)
Commented 1 year ago

This is an application. Here you can buy cards of people from Farcaster,

Howie NFTlobby/TAC🎩🫂 (Farcaster)
Commented 1 year ago

Appreciate you. Excited for the future! 420 $DEGEN

Guerrix🔵 (Farcaster)
Commented 1 year ago

@jacek should take a look at this list and give them a nice "bonus" in degen when the season ends ...

l939l🦎🎩 (Farcaster)
Commented 1 year ago

ty for the nonstop work<3 dont forget to rest too frens^^
