{"id":436988,"date":"2022-04-25T08:01:18","date_gmt":"2022-04-25T05:01:18","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/akudreams-dev-team-locks-up-34m-due-to-smart-contract-bug\/"},"modified":"2022-04-25T08:01:18","modified_gmt":"2022-04-25T05:01:18","slug":"akudreams-dev-team-locks-up-34m-due-to-smart-contract-bug","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/akudreams-dev-team-locks-up-34m-due-to-smart-contract-bug\/","title":{"rendered":"# AkuDreams dev team locks up $34M due to smart contract bug"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a2ee80b9814e\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a2ee80b9814e\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/akudreams-dev-team-locks-up-34m-due-to-smart-contract-bug\/#%E2%80%9D_AkuDreams_dev_team_locks_up_34M_due_to_smart_contract_bug_%E2%80%9C\" >&#8221; AkuDreams dev team locks up $34M due to smart contract bug &#8220;<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/akudreams-dev-team-locks-up-34m-due-to-smart-contract-bug\/#The_33M_Bug\" >The $33M Bug<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/akudreams-dev-team-locks-up-34m-due-to-smart-contract-bug\/#The_exploit\" >The exploit<\/a><\/li><\/ul><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_AkuDreams_dev_team_locks_up_34M_due_to_smart_contract_bug_%E2%80%9C\"><\/span>&#8221; AkuDreams dev team locks up $34M due to smart contract bug &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p><img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDQvNDkzYjY5MGYtNTA4NC00MmRiLWJlNDktM2EwM2U4ZTMwOTY0LmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-2a0745c6>The highly anticipated NFT project Akutars was marred by both an exploit and a bug on the weekend causing over 11,500 Ethereum (ETH) worth nearly $33 million to be locked forever within a smart contract, inaccessible even to the development team.<\/p>\n<p>The exploit however, was conducted by someone trying to show a vulnerability in the project and not to steal funds via a hack. <\/p>\n<p>The project went live on Friday April 22 with a Dutch Auction, a type of auction where the price lowers until it receives a bid, with the first bid winning the sale as long as the price is above reserve. <\/p>\n<p>The auction opened at 3.5 Ethereum with only 5,495 of the available 15,000 NFTs up for sale and the smart contract set to refund any bidders who were underbid. Holders of an \u201cAku Mint Pass\u201d were also given a 0.5 Ethereum discount on each minted NFT.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"The_33M_Bug\"><\/span>The $33M Bug<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>In a April 23 <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">Twitter<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/0xInuarashi\/status\/1517674505975394304\">thread<\/a> explaining the whopping $33 million bug, 0xInuarashi, a developer of multiple NFT projects explained Akutars&#8217; smart contract was coded so that refunds to bidders had to be processed first before the team could withdraw any funds.<\/p>\n<p>The <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/etherscan.io\/address\/0xf42c318dbfbaab0eee040279c6a2588fa01a961d\">contract<\/a> had a caveat that a minimum number of bids had to be made before it would allow for the team to withdraw, but the minimum number of bids was set to equal the amount of NFTs available for auction.<\/p>\n<p>Unfortunately, due to some buyers minting multiple NFTs within the same bid, the terms of the contract mean it will never unlock, sealing away the nearly $33 million in Ethereum forever. <\/p>\n<p>Cointelegraph contacted the Akutars team for comment but did not immediately hear back.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"The_exploit\"><\/span>The exploit<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>In a now deleted <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/web.archive.org\/web\/20220422224644\/https:\/twitter.com\/AkuDreams\/status\/1517635927056732162\">tweet<\/a> posted by the Akutars that was shared by DeFi developer foobar, it said that developers reached out to them warning that their contract could be exploited but <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>eared to\u00a0 shrug them off\u00a0 completely as they labelled the potential exploit a \u201cfeature\u201d.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">The AkuDreams team pretended that this was a feature, not an exploit, when multiple developers raised concerns prior to mint. Bizarre justifications. <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/cVgEXnnWzF\">pic.twitter.com\/cVgEXnnWzF<\/a><\/p>\n<p>\u2014 foobar (@0xfoobar) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/0xfoobar\/status\/1517662967633952769?ref_src=twsrc%5Etfw\">April 23, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>During the mint an unknown individual executed what\u2019s known as a \u201cgriefing contract\u201d which locked the ability of the Akutars contract to process refunds to those underbid. The individual even embedded a <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/0xInuarashi\/status\/1517679015166984194\">message<\/a> on the blockchain to the Akutars team saying they would stop the contract:<\/p>\n<blockquote><p>\u201cWell, this was fun, had no intention of actually exploiting this lol. Otherwise I wouldn\u2019t have used Coinbase. Once you guys publicly acknowledge that the exploit exists, I will remove the block immediately.\u201d<\/p><\/blockquote>\n<p>Akutars then promptly <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/AkuDreams\/status\/1517679687698464768\">responded<\/a> by\u00a0 taking responsibility for the code and suggested that the exploit \u201cwas not done out of malice\u201d and the person \u201cintended to bring attention to best practices for highly visible projects.\u201d<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Quick Update (will go into more detail asap):<\/p>\n<p>1. The exploit in the contract was not done out of malice; the person intended to bring attention to best practices for highly visible projects &amp; novel mechanics. They unblocked the exploit quickly after we dug in and took ownership<\/p>\n<p>\u2014 Aku :: Akutars (@AkuDreams) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/AkuDreams\/status\/1517679687698464768?ref_src=twsrc%5Etfw\">April 23, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>In a tweet on the same day, the project&#8217;s founder and former pro-baseballer Micah Johnson <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/Micah_Johnson3\/status\/1517718342622195712\">offered<\/a> an apology to the community, noting that after letting them down he will &#8220;continue to build brick by brick&#8221; and work tirelessly to avoid any similar issues moving forward.\u00a0 <\/p>\n<p>The team also said that it will be issuing 0.5 Ethereum refunds to pass holders as well as airdropping the NFT to successful bidders.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">The mistakes that were made are no more costly to anyone than myself. I\u2019ve reinvested most everything into building Aku. <\/p>\n<p>&amp; most everything will go back to refunds and we will keep building what we set out to do.<\/p>\n<p>Brick by brick. <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/vQiPbl0Jpl\">https:\/\/t.co\/vQiPbl0Jpl<\/a><\/p>\n<p>\u2014 Micah Johnson (@Micah_Johnson3) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/Micah_Johnson3\/status\/1517877506187186177?ref_src=twsrc%5Etfw\">April 23, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>In an <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/AkuDreams\/status\/1518289808107393025\">update<\/a> posted on Sunday April 24 the team said it had rewritten its minting contract which was then audited by several developers and plans to mint on Monday April 25.<\/p>\n<p><strong><em>Related: <\/em><\/strong><strong><em>Hacker bungles DeFi exploit: Leaves stolen $1M in contract set to self destruct<\/em><\/strong><\/p>\n<p><template data-name=\"subscription_form\" data-type=\"markets_outlook\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/akudreams-dev-team-locks-up-34m-due-to-smart-contract-bug\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; AkuDreams dev team locks up $34M due to smart contract bug &#8220; The highly anticipated NFT project Akutars was marred by both an exploit and a bug on the weekend causing over 11,500 Ethereum (ETH) worth nearly $33 million to be locked forever within a smart contract, inaccessible even to the development team. The&#8230;<\/p>\n","protected":false},"author":1,"featured_media":436989,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDQvNDkzYjY5MGYtNTA4NC00MmRiLWJlNDktM2EwM2U4ZTMwOTY0LmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74882,95118,75434,90498,67880,76781,57111,70944],"class_list":["post-436988","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-hacks","tag-nft","tag-smart-contracts","tag-smartcontracts","tag-auction","tag-coding","tag-explained","tag-hackers"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/436988","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=436988"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/436988\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/436989"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=436988"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=436988"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=436988"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}