As shaky starts go, you’d be hard pressed to match that of the hotly anticipated Akutars project, locking away a cool $33 million in an impenetrable smart contract and experiencing a major exploit all on launch day.
Buggy Code Locks Away $33 Million
Shunning the standard approach, where collectors simply exchange juicy coin for delicious NFTs, Akutars dared to be different, choosing to conduct their public sale in way of a modified Dutch style auction. Meaning, once all the NFTs were accounted for, the lowest successful bid would set the price for the whole collection. Afterwards, Akutars would refund any that didn’t cut the mustard, as well as providing a 0.5 ETH rebate for mint pass holders. This refund is where the whole project began to unravel.
In order to protect collectors, the developers introduced two major safeguards to the smart contract. Firstly, accumulated coin would remain locked until it had processed all refunds. Secondly, it required a minimum number of bids before the team could make a withdrawal. That minimum equalling the number of NFTs for sale.
However, in what may win the award for the second biggest oversight of the year, the project allowed individuals to place a single bid for multiple items. Meaning the minimum number of bids will perpetually represent an unattainable figure. Therefore, a mighty 11,539.5 ETH, will remain locked within the smart contract forever, viewable by all, but wholly and intrinsically inaccessible to every person in the universe.
$34 million, or 11,539 eth, is permanently locked into the AkuDreams contract forever. It cannot be retrieved by individual users or by the dev team.
The refund processing, which is complete, sets each bid status to 1. pic.twitter.com/6GnQPnddC6
— foobar (@0xfoobar) April 23, 2022
Double the Trouble with Additional Exploit
In addition, and paling in comparison, a further problem emerged from Aku’s bug ridden code. Prior to the launch, concerned community developers attempted to warn the project of a potential exploit, an issue they reportedly brushed off as a ‘feature’. So, to get their attention, one anonymous white hat hacker ran a ‘griefing contract’ during the auction, leaving a message for devs embedded on the blockchain. After Akutars publicly acknowledged the exploit, the hacker then kindly resolved the issue.
Despite the catalogue of enormous setbacks, the Aku project will honour all of its contracts. Therefore, pledging to mint and airdrop all the remaining NFTs once they are sure the contract is secure, while additionally continuing to process all promised refunds.
Take a look at the locked funds >> Here