The @DegenTrashPanda mint was paused to address vulnerabilities in the Candy Machine NFT deployment protocol
CMv2 was rewritten in a frenzy of coding by @redacted_j and just 2 weeks later, the mint is now reopened
Some background on CMv2 & why you should be excited for DTP🧵👇
The DTP mint kicked off late November. Shortly after it was discovered that many super rare & mythic tokens were being sniped by a botter. The community investigated, went through the details & took action.
Several factors created conditions that supported the botting: 1. There was a full week between the FLP lottery & mint 2. A market to trade DTP tokens was created on dexlabs
This gave time for the botter to acquire a large # of tokens in preparation for the mint
3. The size of the mint (20k tokens).. 4. .. & the fact it was open indefinitely meant that people were didn't have to mint quickly (though this may not have mattered since they utilized DDoS attacks) 5. Lastly & crucially, the metadata & order of the CM was retrievable
#5 is the key flaw of CM v1 that allowed sniping. The order mattered less in previous mints because they used to sell out within seconds, making it difficult to snipe.
Though of course those mints were still susceptible to bots flooding transactions like @AuroryProject
In this case the botter used DDoS attacks to slow down the CM and lock minters out when a super rare was approaching, creating 400+ transactions in 30 seconds right before successfully minting the Crown Admiral.
After this the bot transactions went quiet for 14 minutes then...
... the bots fired up again and sent 500+ transactions in 40 seconds to jam the CM in anticipation of snagging this Acid Panda token which it then successfully minted.
Given the severe botting the mint was paused on November 29 to allow this exploit to be rectified.
... Enter Candy Machine v2. Written in a coding frenzy by @redacted_j, working with Brett from @civickey to implement the Captcha to gatekeep minting entries.
CMv2 uses recent blockhash for random selection of arweave URLs.
After you fill out the captcha it grants temporary program derived address (PDA) for a short duration.
The PDA is owned by the Civic identity program and when you mint the PDA is "punched" & invalidated.
This is pretty effective at stopping bots because on top of the randomness and PDA, CMv2 only allows instructions in the transaction from only the token program and the Candy Machine - preventing cherry picking attacks.
The biggest challenge of CMv2 is keeping CPU usage low with the random selection of arweave urls so @redacted_j implemented a method to speed up entry assignment - making CMv2 fairly viable and cheap. Still, you may notice some lag while using it!
CMv2 was first deployed and tested on the "People Nipple Cats" which was a test mint.
Needless to say, I miiiiiiiiiiiiiiiinted.
(Bonus: the art references previous disaster project @TheBearGangNFT)
It didn't take long for the bots to start arriving, but so far CMv2 was able to deal with them pretty well.
So where does this leave us?
- 14173 tokens have been minted with ~6k to go
- Most of the ill gotten gains have been sold back into the market to holders who want to participate in the project
- 114 DTP tokens still held by the botter
- Mint is now open for you to safely proceed
Since the mint has restarted, it's nice to see people starting to mint super rares & mythics after this joy was robbed from the rest of us - people old and new to Solana NFTs.
While its been relatively quiet, rest assured @pit_the_panda has been busy implementing. After all the Joker is a madman but he always seems to have a plan.
So after all of the hype, drama & controversy why should you still be excited?
1. @DegenTrashPanda remains an NFT project with a unique & innovative approach to blockchain gaming built by some of the best devs. CMv2 was written in 2 weeks meaning the team were able to get the help of industry-leading resources
2. The project is an entry point into the Degeniverse - a fun & irreverent brand underpinned by detailed 3D art (by Monoleaf? @monoliff) and represents exposure to one of the first major NFT projects that helped cement Solana as a viable blockchain for NFTs
3. By owning a DTP you gain access to the @DegenDAOO a strong and active community of builders, creatives, investors & pioneers on the Solana blockchain.
While there are a couple of channels that require you to have a Degen Ape, most are open to trash pandas
So far we've had IRL communities spring up in HK, Singapore, UK and the SF Bay area. Online we've started a parents channel, health & fitness and a gaming channel.
This is the community you join by hopping into the Degeniverse.
4. You have sideshow tickets to an entertaining rollercoaster ride. A shared experience.
NFTs with real life performance art mixed into a napalm cocktail delivered by flamethrower.
And we haven't even started the blockchain game yet.
So what now?
There are ~6k tokens left to mint, so get to it!
Then if you're up for the adventure, stick around and welcome to the Degeniverse.
Big thanks to @redacted_j & @Lumina191 who helped with some of the background research and details!
Here's what you need to know about the X'mas❤️mini-game + the innovations this project is pioneering🧵👇#nftcommunity
People who minted DTPs before the pause would have noticed ❤️ traits with a # from 1 to 6 applied to their panda.
This was part of a minigame @pit_the_panda has created for X'mas. In typical Pit / Joker style, he kept us guessing on its objective.
The aim of the game was to reward those who held their pandas longest without moving or listing them. Every snapshot if they had not been moved the ❤️ # decreased, with the aim being to get to 1❤️
The lower the ❤️ #, the greater the chance for your Panda to get an X'mas outfit!
- Floor price crashed from 1 SOL to 0.09 SOL
- They released Halloween items but not much else
- Some community tried to support them but it has been a slow bleed
- Same team has launched @nova_launch to help ppl launch NFTs for a sizeable fee. Beware.
A few lucky @DegenTrashPanda minters received an airdrop panda 3 days ago. These were 30 tokens received from the botter that we wanted to get back into community hands.
In arranging this we had to go through a fair bit of data, so some stats for you🧵👇#solana#nft
- There were 14,173 tokens minted by 5504 wallets before the pause
- This means ~2.6 pandas per wallet minted
- The 8 known bot wallets minted 240 tokens (1.6% of supply)
- He returned 30 tokens (mostly common/uncommons with rare traits, no ultra rares which he kept to sell)
- For the lottery we used random number generation to pick the 30 winners
- Botter wallets were removed from the lottery
- 1 mint = 1 chance
- The odds of winning a returned token was 30/13,933 (0.2%)
- The top non-botter wallet minted 247 tokens. 2nd most was 101 tokens
With its Fair Launch, beautiful 3D art and an innovative approach the @DegenTrashPanda has been a blockbuster mint.
It has also unfortunately attracted bots & bad behaviour.
It's up to the community to investigate & set standards, so here is what we found & the action taken🧵👇
This thread was made with @DegenDAOO members, many of which took it upon themselves to do research, share info & come together to protect the community.
The @DegenTrashPanda mint launched on Nov 24th. After several delays, excited winners of fair launch tokens started swapping their tokens for trash pandas - people excitedly posted their NFTs and twitter was swarmed with Panda profile pictures.
Hot on the heels of his 1,000◎ @DegenTrashPanda purchase, he has now acquired:
- @DegenApeAcademy Ape #744 for 369◎
- Ape #9538 for 173◎
- Ape#9714 for 189◎
A total of 1,731◎ ($328k) spent on the Degeniverse in 2 days👀👇
This wallet BEIJ sent 3594◎ ($682k) from their CEX account on FTX exchange to their Solana wallet to fund their Degeniverse habit.
This does not imply its FTX, this is just what you'd see if you or I transferred SOL across from our FTX CEX account. Read on to see the purchases: