This article reviews the "Show Operation" of the Web3 project party in 2022
Original post by iambabywhale.eth, Foresight News
2022 is coming to an end, and this year the Web3 world and the global economy have fallen into a trough. In addition to the macro environment, the successive thunderstorms of institutions such as Terra, Three Arrows Capital, Celsius, and FTX have dealt a severe blow to the Web3 field, which was already affected by the macroeconomic environment.
The market went all the way down without turning back, and there was no sign of recovery even at the end of the year. In the "encryption winter" that is likely to continue, let's review together the ridiculous "show operations" of many Web3 projects this year, and welcome the upcoming 2023 with a relaxed attitude.
Parameter error, reward was "paid in advance"
At the beginning of the year, the ILO of X2Y2 in the NFT market attracted a lot of attention from the market. The model of allocating transaction fees to token holders made everyone look forward to "decentralized OpenSea" for X2Y2. When the NFT market was still hot at the beginning of the year, X2Y2 tokens fell all the way after a short-term rise. When everyone was surprised, the project team discovered the problem when the pledge was halved: an error occurred when setting the initial parameters of the pledge reward contract , X2Y2 allocated 56% of the 200 million total rewards in the first 30 days, instead of the originally planned 18%, due to a parameter error.
The upper part of the figure is the planned reward amount, and the lower part is the actual reward amount
This mistake made it difficult for many users who had placed high hopes on it at that time. Later, X2Y2 also launched a token burning plan to minimize the consequences of this mistake. Now X2Y2 has developed into a backbone force in the NFT market, and the original mistake has gradually been forgotten.
The transfer address was wrong, and none of the 120 verification nodes found it
At the beginning of this year, Evmos and Juno, the two major projects in the Cosmos ecology that airdrop ATOM stakers, became popular briefly, but the airdrop and mainnet launch of the two projects faced many difficulties. Among them, Juno has performed outrageous operations more than once.
First of all, a large investor who has obtained millions of JUNO tokens was targeted by the Juno community because of cashing out part of it, so an outrageous proposal to reduce the whale's holdings from 3 million to 50,000 was just like this Born and finally passed. However, in view of the fact that the giant whale obtained a large number of tokens by taking advantage of loopholes in the airdrop rules, and promised to continue selling most of them after staking, such a "centralization" proposal is still understandable.
After that, an even more breathtaking operation took place. A developer transferred 3 million JUNOs that should have been transferred to the community address to the wrong address. What's even more outrageous is that none of the 120 verification nodes in the entire network found that the receiving address was wrong. Afterwards, the community had to submit a proposal to transfer the funds back to the community address, and this farce ended.
There is a loophole in the code, and the user is in danger of becoming the "richest man in the world"
As the issuer of NEAR's native overcollateralized stable USN, Decentral Bank can be said to have created the shortest life cycle of an algorithmic stablecoin: 6 months. As one of the main investors of NEAR, FTX and Alameda Research went bankrupt, which caused the price of NEAR to fall all the way, making USN's mortgage rate insufficient, and finally caused NEAR to abandon USN.
In a situation where the market environment is deteriorating and the future is unknown, it may not be a good choice for NEAR to choose a strong man to cut his wrist to reduce costs, but what we are going to talk about today is not the event itself.
On July 8 this year, more than two months after the USN was officially launched, it was discovered that there was a huge loophole in the USN that almost "taken away" the USN directly. This vulnerability occurs when a user uses USN to exchange for USDT through Decentral Bank. If there is no USDT in the user's wallet, the transaction will fail. At the same time, due to counting errors during contract refunds, the amount of refunds will increase by 1 trillion times. When a user exchanged 5 USNs for USDT, the contract returned nearly 10 trillion USNs after two attempts due to a bug.
Fortunately, this vulnerability has not been widely exploited to cause irreparable damage. At a time when the security of algorithmic stablecoins is being questioned more and more, although stablecoins have important strategic value, whether to launch them and when to launch them need to be carefully grasped.
Wintermute lends money to wrong address
The airdrop of Optimism, the second-tier network of Ethereum, is one of the few hot spots in this year's bear market, but some operations that followed made this star project that has raised hundreds of millions of dollars surprising.
The first outrageous operation happened in June, but the protagonist of the story was not Optimism, but Wintermute, a market maker who mortgaged 50 million US dollars to borrow 20 million OPs for market making. Due to internal mistakes in the team, Wintermute provided Optimism with a The Gnosis Safe multi-signature wallet address deployed on the Ethereum mainnet is not the Optimism address prepared in advance. This outrageous mistake allowed a hacker to steal the 20 million OP through a replay attack. Afterwards, the hacker traded 1 million OPs for Ethereum, transferred 1 million to the address of Ethereum founder Vitalik Buterin, and returned 17 million OPs. In the end, Wintermute said that it would refund the remaining 2 million OP, and the story ended here.
The annual inflation rate is wrongly increased by 10 times, and Optimism is urgently "erased"
The book continues, the second story happened in October, Optimism tweeted that when the OP token was launched, the total supply was announced to be inflated at a rate of 2% per year, but when the contract was deployed, the rate was wrongly set to 20%, will update the contract logic to the expected 2% later today. Fortunately, OP's inflation will start in 2023, so it did not cause much impact.
Optimism, Wintermute, Juno, and X2Y2 all made low-level mistakes such as wrong addresses or parameters, which tells us that we should be serious and careful when dealing with on-chain transactions that have no way back.
The withdrawal amount was wrongly recorded in the account number, and the user is happy to withdraw the tens of millions of prizes
As the first batch of cryptocurrency exchanges to be FUDed after FTX filed for bankruptcy, Crypto.com temporarily "caught up" by disclosing reserve information, but this year the exchange also did some "stupid things".
Although the first incident did not happen this year, it has not been properly resolved until this year. In May 2021, two Melbourne female users received A$10.5 million in funds when they made A$100 withdrawals on the crypto exchange Crypto.com. It was not discovered by Crypto.com until the annual audit in December 2021. According to Crypto.com, an employee mistakenly entered the account number as the withdrawal amount when making a payment, resulting in a large amount of money being transferred to his bank account by mistake, followed by Crypto.com's lawsuit, and the Supreme Court of Victoria ruled in August, These funds must be returned to the company.
Hundreds of millions of dollars in assets were "wrongly transferred"?
If the first thing is understandable, the second seems suspicious. On November 13th, Twitter user @jconorgrogan tweeted that the data on the chain showed that a Crypto.com address had transferred about 285,000 ETH to the Gate.io exchange address in October, and Gate.io returned it a few days later Crypto.com another address, but both addresses subsequently appeared in the list of cold wallet addresses published by Crypto.com for offline storage of user assets. Kris, CEO of Crypto.com, replied that "this was supposed to be a new cold wallet address, but was sent to a whitelisted external exchange address. We worked with the Gate.io team and the funds were then returned to our cold wallet .To prevent this from happening again, we have implemented new processes and features."
According to Kris, Crypto.com mistransferred hundreds of millions of dollars worth of Ethereum to Gate.io. If this is the case, it can only be said that such a mistake is too outrageous, and it may directly send Crypto.com away. However, many people speculate that this move may be a lending behavior for the proof of reserves, and the real situation may only be known to the parties involved.
Attack yourself in advance to prevent being attacked
On November 4th, Beijing time, pGALA, the token pGALA cross-chained from Gala Games to BNB Chain through pNetwork, suddenly plummeted to almost zero. Later, it was learned from the information on the chain that an unknown address minted pGALA tokens worth 1 billion US dollars out of thin air on the BNB Chain and almost exhausted the pGALA/BNB liquidity pool.
Everyone thought it was a typical hack until 2 days later...
On November 6th, Beijing time, the pNetwork team noticed a misconfiguration of GALA's pNetwork cross-chain bridge. Due to a misconfiguration, the ownership of the pGALA smart contract deployed on the BNB Chain has been taken over by hackers. The funds involved in the fund pool were 400,000 US dollars, and the attacker who obtained the ownership of the smart contract did not launch any attacks at that time.
Afterwards, pNetwork contacted Gala Games and decided to suspend the cross-chain bridge and drain the pGALA/BNB PancakeSwap pool liquidity through a white hat operation in an attempt to preserve BNB so that funds can return to all its liquidity providers once the situation is under control .
Then, we saw a lot of additional issuance and the price collapse. Leaving aside whether pNetwork’s way of draining the liquidity pool is reasonable or not, but because it did not come forward to clarify the matter at the first time, Huobi was arbitraged because it did not immediately close the recharge channel. Such pretentious behavior is really not advisable.
$600 million was stolen, and the project party realized it later
In March of this year, the Axie Infinity sidechain Ronin Network was hacked, resulting in the theft of 173,600 ETH and tens of millions of USDC worth more than $600 million. The attackers operated for nearly two months simply transferring the stolen assets. This time, it was finally suspected that the North Korean hacker team was responsible for invading the computer of technicians through false offers, thereby controlling some verification nodes of Ronin Network, and finally gained control of liquidity funds.
The most puzzling thing about this incident is that the theft of funds occurred on March 23, and the project team did not realize that the funds were stolen until March 29 when they tried to cross-chain and found that there was no liquidity, so they missed the rescue The perfect time for stolen funds. In the end, although some funds were intercepted by the project team and law enforcement agencies, most of the funds still fell into the pockets of hackers.
Of course, the foresighters of this incident did not take advantage of it. Encryption KOL Cobie tweeted after the project party publicly stated that funds were stolen, saying that 6 days ago, it was discovered that the Axie Infinity sidechain Ronin Network was stolen 600 million US dollars, and it was highly leveraged. Short AXS. Because no one noticed the existence of the hacker for 6 days, it was liquidated within 24 hours after the short sale.
Ukraine: Airdrop expected to raise money first country
Obviously, the Ukrainian government is not the party behind the Web3 project, but the way it uses airdrop expectations to attract donations has to be said to be really professional.
Time goes back to the beginning of the year, and a moderate war broke out between Ukraine and Russia. Subsequently, the Ukrainian government itself and some third parties opened up channels for cryptocurrency donations. The Ukrainian government then stated that it would airdrop donors, and announced on March 2, Beijing time that a snapshot would be taken at 0:00 Beijing time, March 4. On the day when the snapshot time was announced, the amount of donations exceeded 50 million US dollars. Many cryptocurrency users who had no intention of donating themselves joined the donation army for "airdrops".
While everyone was waiting for the airdrop to be released with great anticipation, Ukrainian Deputy Prime Minister Mykhailo Fedorov tweeted the day after the snapshot was announced that after careful consideration, the airdrop will be canceled and the NFT used to support the Ukrainian Armed Forces will be announced soon. Issue plan.
Although this move may have no effect on those who wanted to help Ukraine, it made the people who donated for the airdrop very dissatisfied. Afterwards, the Ukrainian government introduced a variety of "games" to raise donations, but the behavior was obvious. Many people have stopped catching a cold, and have ridiculed themselves that they have been "reverse".
