Today, an NFT project called akutar was locked up because of a contract bug, resulting in 11539 eth with a value of $34 million!
First of all, let's introduce akutar. From the description on the official website and their twitter, we can see that this is not a fake project. On the contrary, it is a high-quality project with great care. The quality of both fine painting style and roadmap description is very high.
Its originator is a well-known baseball player Micha Johnson. It originated from overhearing a conversation between a black little boy and his mother. The little boy asked his mother if the astronauts were black, so Micha Johnson decided to release a series of black little boys wearing helmets who dream of becoming astronauts. It's a pretty good story.
So how did the NFT fail behind such a warm story? To some extent, the project side is more eager to make money than the so-called warm heart public welfare, so it lifted a stone and hit itself in the foot, because it uses a unique Dutch shooting method.
The traditional auction method is to set a low price, and then everyone calls up the price. Finally, the highest bidder can buy it. This is the British auction. The Dutch auction is to set a maximum price first, and then gradually reduce the price. Finally, someone will buy it at a certain price point. The Dutch auction tests human nature more, because everyone wants to wait for the lowest price, but they are afraid that others will buy it first.
Azuki is shot in the Netherlands, but akutar has changed the auction method compared with azuki. The price of azuki decreases dynamically, so the later you buy, the lower the price, and the earlier you buy, the higher the price. Akutar has added a "refund" rule, which seems to be more user-friendly, but I think it actually wants to get more money.
As shown in the figure below, the starting price of the auction is 3.5eth. If it is reduced by 0.1eth every 6 minutes, the person who buys the lowest price will become the standard price, and other users who buy higher than the price will get a refund. For example, the last lowest selling price is 1.5eth, and all those who offer higher than 1.5eth will get a refund of the price difference. In fact, this is to make users feel confident and bold to buy, and do not stay at the lowest price, Even if you buy it high, you can get a refund.
Therefore, akutar will have a huge fund pool to store the money paid by all users. This part of money includes what the project party deserves and what needs to be returned to users. Here is a knowledge first. As mentioned in the previous article, the nature of smart contract is the same as your own wallet address. It is a blockchain address that can receive and send virtual currency. When you are working on a project in mint, In fact, you first call the money to the project contract address, and then the contract will transfer you to an NFT, that is, all NFTs are sold in the primary market. The money first arrives at the contract address, and then the project party will withdraw the money from the contract and put the money in the contract into its own wallet.
This time, 200 million yuan is locked because there is a bug in the withdrawal step, because the tamper proof feature of blockchain smart contract makes it impossible to repair the bug. If there is a bug in the traditional Internet that makes it impossible to withdraw money, it can be repaired iteratively. However, in Web3, it means that you can only face the 200 million yuan in this life.
Let's take a look at what some key codes have done to help you understand the principle, and then analyze what went wrong.
Let's first learn the principle of Dutch auction. First, get the current price. Here we get the time block of the latest block Timestamp, then subtract the start time startat from the current time and divide it by 6 (because the price is reduced every 6 minutes), so as to obtain how many times the price should be reduced. Then multiply the price reduction times by the price reduction amount to calculate the total discount of the price. Finally, subtract the price reduction amount from the starting price startingprice to obtain the current fee that should be paid. In fact, the amount mentioned in the contract can be written in the code of the back door at any time, which can be modified according to the situation of the back door.
How to get the price is clear. Let's see what happens in the process of user bidding. I won't write all this code if it's too long. Pick the important ones.
First obtain the current price mentioned above, and then multiply it by the amount of the quantity purchased by the user to obtain the total price that should be paid. Then judge whether the price value actually paid by the user is greater than the total price. If it is greater than the total price, it means that the money is enough, and then go down.
Here, we first define what a quotation bid contains, including the bidder's address, price, specific quotation, total purchase quantity of bidsplaced, and finalprocess refund status. 0 is refund, 1 is refunded, and 2 is cancelled refund.
Next, we come to the first place to bury the pit: totalbits indicates the number of NFTs currently auctioned. The default is 0. Each time there is a user quotation, add the amount of the user to buy. Remember here, we will use it later.
Then the second pit is buried: a parameter called bidindex is used to store how many users generate a quotation. Remember these two parameters. Totalbits stores the total number of NFTs sold and bidindex stores the total number of NFTs bought.
Let's talk about the refund process for users. The project party should first click a button called processrefunds to start the refund. The logic behind this button is to cycle all users who bid once. The number of cycles is the bidindex that stores the number of bidders just mentioned. The content of processing is to first judge whether the user finalprocess refund status is 0. 0 means that the refund has not been made. If it is 0, continue to execute downward. Subtract the lowest transaction price from the user's current quotation and multiply it by the purchase quantity, which is equal to the price difference to be returned to the user.
Then set the final process user's refund from 0 to 1, which means that the refund has been completed, so the user can't refund again.
The parameter refundprogress is used to record the number of people who have completed the refund, and 1 will be added for each user who has completed the refund. Because it circulates according to the bidindex of the number of bidders, refundprogress and bidindex are the same. In fact, there is no problem here. The original bidder and the refunder should be the same, but! Then look down!
What is the logic of the withdrawal of the project party, and what loopholes make it unable to withdraw?
The following figure shows the withdrawal function of the project party, that is, when the project party clicks the claim project funds button, it can put the money into its own wallet. There are three levels of verification. The first level is to verify whether the auction has been ended. If it is finished and enters the second level, it is to verify whether the number of refunds is greater than the number of quotations. In fact, the project party is kind here, because it is necessary to ensure that everyone returns the money and the project party withdraws again, But there is a problem with the verification of this layer. Do you remember what totalbits means? It's the number of NFT sold, not the number of quotes!
You will ask, what's the matter? A person can buy more than one NFT when quoting. The number of refunds is actually the number of buyers. You ask that the number of buyers exceed the number of NFTs sold, but each person can buy more than one. As long as one person buys two, it means that the number of buyers can never be greater than the number of NFTs sold. 10 people sell 11. How can you ask that 10 be greater than 11?
Let's take a look at Etherscan. The number of refundprogess is 3699, indicating that there are 3699 people making offers, but the number of totalbits is 5495, that is, 5495 have been sold, far more than 3699. In this life, refundprogess can't be greater than totalbits. The 200 million yuan will always be locked in the contract for future generations to observe.
Therefore, the project side wrote the wrong word. It should have wanted to write the number of bidindex buyers. As a result, it wrote the number of totalbids sold. One word is worth 200 million, which should be the most expensive word in the world. Remember this word totalbids, which is worth 200 million!
In this article, I took you to learn a New Mint mode and its principle. In addition, I took you to know a 200 million word totalbids.