The @DegenTrashPanda mint was paused to address vulnerabilities in the Candy Machine NFT deployment protocol
CMv2 was rewritten in a frenzy of coding by @redacted_j and just 2 weeks later, the mint is now reopened
Some background on CMv2 & why you should be excited for DTP🧵👇
CMv2 was rewritten in a frenzy of coding by @redacted_j and just 2 weeks later, the mint is now reopened
Some background on CMv2 & why you should be excited for DTP🧵👇
The DTP mint kicked off late November. Shortly after it was discovered that many super rare & mythic tokens were being sniped by a botter. The community investigated, went through the details & took action.
https://twitter.com/sainteclectic/status/1465150289804083204?s=20
Several factors created conditions that supported the botting:
1. There was a full week between the FLP lottery & mint
2. A market to trade DTP tokens was created on dexlabs
This gave time for the botter to acquire a large # of tokens in preparation for the mint
1. There was a full week between the FLP lottery & mint
2. A market to trade DTP tokens was created on dexlabs
This gave time for the botter to acquire a large # of tokens in preparation for the mint
3. The size of the mint (20k tokens)..
4. .. & the fact it was open indefinitely meant that people were didn't have to mint quickly (though this may not have mattered since they utilized DDoS attacks)
5. Lastly & crucially, the metadata & order of the CM was retrievable
4. .. & the fact it was open indefinitely meant that people were didn't have to mint quickly (though this may not have mattered since they utilized DDoS attacks)
5. Lastly & crucially, the metadata & order of the CM was retrievable
#5 is the key flaw of CM v1 that allowed sniping. The order mattered less in previous mints because they used to sell out within seconds, making it difficult to snipe.
Though of course those mints were still susceptible to bots flooding transactions like @AuroryProject
Though of course those mints were still susceptible to bots flooding transactions like @AuroryProject
In this case the botter used DDoS attacks to slow down the CM and lock minters out when a super rare was approaching, creating 400+ transactions in 30 seconds right before successfully minting the Crown Admiral.
After this the bot transactions went quiet for 14 minutes then...
After this the bot transactions went quiet for 14 minutes then...
... the bots fired up again and sent 500+ transactions in 40 seconds to jam the CM in anticipation of snagging this Acid Panda token which it then successfully minted.
Given the severe botting the mint was paused on November 29 to allow this exploit to be rectified.
2 weeks later...
2 weeks later...
https://twitter.com/pit_the_panda/status/1464790341576441871
... Enter Candy Machine v2. Written in a coding frenzy by @redacted_j, working with Brett from @civickey to implement the Captcha to gatekeep minting entries.
https://twitter.com/redacted_j/status/1469786139678629891?s=20
CMv2 uses recent blockhash for random selection of arweave URLs.
After you fill out the captcha it grants temporary program derived address (PDA) for a short duration.
The PDA is owned by the Civic identity program and when you mint the PDA is "punched" & invalidated.
After you fill out the captcha it grants temporary program derived address (PDA) for a short duration.
The PDA is owned by the Civic identity program and when you mint the PDA is "punched" & invalidated.
This is pretty effective at stopping bots because on top of the randomness and PDA, CMv2 only allows instructions in the transaction from only the token program and the Candy Machine - preventing cherry picking attacks.
The biggest challenge of CMv2 is keeping CPU usage low with the random selection of arweave urls so @redacted_j implemented a method to speed up entry assignment - making CMv2 fairly viable and cheap. Still, you may notice some lag while using it!
CMv2 was first deployed and tested on the "People Nipple Cats" which was a test mint.
Needless to say, I miiiiiiiiiiiiiiiinted.
(Bonus: the art references previous disaster project @TheBearGangNFT)
Needless to say, I miiiiiiiiiiiiiiiinted.
(Bonus: the art references previous disaster project @TheBearGangNFT)
It didn't take long for the bots to start arriving, but so far CMv2 was able to deal with them pretty well.
https://twitter.com/redacted_j/status/1470234172555935748?s=20
So where does this leave us?
- 14173 tokens have been minted with ~6k to go
- Most of the ill gotten gains have been sold back into the market to holders who want to participate in the project
- 114 DTP tokens still held by the botter
- Mint is now open for you to safely proceed
- 14173 tokens have been minted with ~6k to go
- Most of the ill gotten gains have been sold back into the market to holders who want to participate in the project
- 114 DTP tokens still held by the botter
- Mint is now open for you to safely proceed
Since the mint has restarted, it's nice to see people starting to mint super rares & mythics after this joy was robbed from the rest of us - people old and new to Solana NFTs.
https://twitter.com/gordillogroup/status/1471383844813262848?s=20
While its been relatively quiet, rest assured @pit_the_panda has been busy implementing. After all the Joker is a madman but he always seems to have a plan.
So after all of the hype, drama & controversy why should you still be excited?
So after all of the hype, drama & controversy why should you still be excited?
1. @DegenTrashPanda remains an NFT project with a unique & innovative approach to blockchain gaming built by some of the best devs. CMv2 was written in 2 weeks meaning the team were able to get the help of industry-leading resources
2. The project is an entry point into the Degeniverse - a fun & irreverent brand underpinned by detailed 3D art (by Monoleaf? @monoliff) and represents exposure to one of the first major NFT projects that helped cement Solana as a viable blockchain for NFTs
3. By owning a DTP you gain access to the @DegenDAOO a strong and active community of builders, creatives, investors & pioneers on the Solana blockchain.
While there are a couple of channels that require you to have a Degen Ape, most are open to trash pandas
While there are a couple of channels that require you to have a Degen Ape, most are open to trash pandas
So far we've had IRL communities spring up in HK, Singapore, UK and the SF Bay area. Online we've started a parents channel, health & fitness and a gaming channel.
This is the community you join by hopping into the Degeniverse.
This is the community you join by hopping into the Degeniverse.
4. You have sideshow tickets to an entertaining rollercoaster ride. A shared experience.
NFTs with real life performance art mixed into a napalm cocktail delivered by flamethrower.
And we haven't even started the blockchain game yet.
NFTs with real life performance art mixed into a napalm cocktail delivered by flamethrower.
And we haven't even started the blockchain game yet.
So what now?
There are ~6k tokens left to mint, so get to it!
Then if you're up for the adventure, stick around and welcome to the Degeniverse.
There are ~6k tokens left to mint, so get to it!
Then if you're up for the adventure, stick around and welcome to the Degeniverse.
Big thanks to @redacted_j & @Lumina191 who helped with some of the background research and details!
@macdevclone @munkionpluto @blocmatesdotcom @mdudas @blokculture @MoneyNft @BoardApes @jmt_nft @NewDumbMoney @pit_the_panda @vipr_the_panda @0x1dad @vladtoni @timsamoylov @rawrXBT @r0b0sapiens @DegenSenpaii @Alfonso_Comino
@knox_trades @solboyz @sallywang666 @thugbirdz @pablocorrea @PeterHollens @degenHFP @SollyTheSolApe @ezbucko @NFTjordy @0xOmniman @dvoretskyi @baalazamon @metaplex
@DigitalxMisfits @jakeudell @TheDeadstockOG @boredgentleman @CapetainTrippy @degen_inc @MilstGuga @0x_thug @CamTuff_ @SollyTheSolApe @whyteuk @allaboutdatass @DegenArmstrong @Funksonait @allaboutdatass @MonterreyRice @NickyScanz
• • •
Missing some Tweet in this thread? You can try to
force a refresh
