optimusfox

Smart Contract Mistake Leads To $34 Million of ETH Getting Locked

An NFT project known as AkuDreams was hit by turmoil when $34 million of ETH got locked in its smart contract because of a coding mistake. Everything was all set last Friday (22nd April), when Micah Johnson’s Akutars project launched to great hype and an already established fanbase.

As soon as the NFT collectors flocked to the website to take part in securing the NFTs, things took a turn for the worse when their Smart Contract began creating errors which ultimately led to the loss of a whopping $34 million.  

While people are trying to handle the losses incurred and to continue with the launch of the project, we can all take this incident as a cautionary tale of how a mistake like this can impact the world of NFTs at large.

What Happened with Akutars? 

The Akutars collection features a total of 15,000 NFTs, and was set as the next phase in the life of Micah Johnson’s character Aku. The project was launched through a Dutch auction, a sale that starts at an established amount and then drops over time to the final sale amount. When the contract went live, a huge number of NFT enthusiasts made their way to the website to get their hands on the Avatars. Despite the starting price of 3.5 ETH, thousands of transactions were submitted by collectors.

So, what went wrong? According to a Twitter thread posted by 0xInuarashi, the Akutars Smart Contract was coded in a way that refunds to the bidders had to be processed first before the team could withdraw any of the funds.

There was a clause in the contract which stated that the minimum number of bids must be made before allowing the team to opt out of it. However, the minimum number of bids was set equal to the number of NFTs that were available for auction. 

Unfortunately, because buyers requested multiple NFTs in a single transaction, the terms of the contract mean that it cannot be unlocked, which permanently locked $34 million in Ethereum into the Smart Contract.

Early on during the launch, an NFT community member Hasan went to Twitter to voice his concerns regarding potential issues in the project’s smart contract. He considered this to be an urgent matter and hence contacted the Akutars development team to have this issue sorted out as soon as possible. 

He was assured by the development team that there were safety measures in place to prevent any issues but as we can see, they weren’t enough. A hacker who went by the name USER221 quickly became aware of this issue himself and triggered an exploit that led to 11,539 ETH ($34 million) being sealed in the Akutars Smart Contract. 

The hacker later took responsibility for his actions, sending a separate note attached to an Ethereum transaction and adding that they would work to unlock the project. He added, “Once you guys publicly acknowledge that this exploit exists, I will remove the block immediately.”

This led to another user adding via the transaction that the Akutars development team should have audited their Smart Contracts to avoid such a huge blunder.

Although the user had halted the contract and unlocked the action, a separate bug appeared in the contract. There was an unresolvable discrepancy that made it impossible for the hacker as well as the Akutars development team to retrieve the funds that were locked in the Smart Contract.

Twitter user 0xInuarashi explains in detail via a Twitter thread the errors in the code which led to this mistake and cost Akutars millions of dollars in the process.

A flaw in the development team’s smart contract code failed to take into account multiple NFT mints within the same transaction, and the contract requires that the counts line up in order for the funds to be withdrawn. This is what led to the $34 million being stuck in the automated Smart Contract.
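The counting flaw described above, modelled in JavaScript as an added example (not the Akutars contract code and not part of the original article). The class, the function names and the prices are hypothetical; `fixedCheck` switches between the flawed comparison and one possible correction, so a unit test can assert that funds stay withdrawable after a sell-out that includes multi-NFT bids.

```javascript
// Added example: simplified model of the accounting described above.
// All names are hypothetical; this is not the Akutars contract code.
class AuctionModel {
  constructor(totalNfts, fixedCheck) {
    this.totalNfts = totalNfts;     // NFTs offered in the auction
    this.fixedCheck = fixedCheck;   // false: flawed check, true: corrected check
    this.bids = [];                 // one entry per bid transaction
    this.refundsProcessed = 0;      // number of bid entries refunded so far
    this.balance = 0;               // funds held, in constructed integer units
  }
  bid(quantity, pricePerNft) {
    if (!Number.isInteger(quantity) || quantity < 1) throw new Error("bad quantity");
    this.bids.push({ quantity, paid: quantity * pricePerNft });
    this.balance += quantity * pricePerNft;
  }
  processRefunds(finalPrice) {
    // Dutch auction: every bidder is refunded down to the final price.
    while (this.refundsProcessed < this.bids.length) {
      const b = this.bids[this.refundsProcessed++];
      this.balance -= b.paid - b.quantity * finalPrice;
    }
  }
  canWithdraw() {
    // Flawed: a counter of bids is compared with the number of NFTs, so it
    // only lines up when every bid covers exactly one NFT.
    // Corrected: compare with the number of bids actually recorded.
    const required = this.fixedCheck ? this.bids.length : this.totalNfts;
    return this.refundsProcessed >= required;
  }
  withdraw() {
    if (!this.canWithdraw()) throw new Error("refunds not fully processed");
    const amount = this.balance;
    this.balance = 0;
    return amount;
  }
}

// Sell out with the given per-bid quantities, refund, then try to withdraw.
function runSale(quantities, fixedCheck) {
  const total = quantities.reduce((sum, q) => sum + q, 0);
  const auction = new AuctionModel(total, fixedCheck);
  quantities.forEach((q) => auction.bid(q, 35)); // constructed price
  auction.processRefunds(20);                    // constructed final price
  let withdrawn = 0;
  try { withdrawn = auction.withdraw(); } catch (e) { /* funds stay locked */ }
  return { withdrawn, locked: auction.balance };
}

console.log(runSale([1, 1, 1], false), runSale([2, 1], false), runSale([2, 1], true));
```

With one NFT per bid the flawed check passes, which is why a test suite that never bids for several NFTs in one call would not catch it.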

How Can Issues Like This Be Avoided?

This incident sheds light on the fact that this blunder would have been avoided if there had been transparency, trust and a sense of community within the NFT landscape. The Akutars team was warned early on by a dedicated member of the community, but they brushed it aside as if it was a minor issue that could be resolved easily. Not paying serious attention to the matter at hand cost them a lot.

Micah Johnson and the Akutars team will never be able to retrieve the $34 million, but have taken responsibility for all of this mess by minting and airdropping all 15,000 NFTs. They are also working to refund early access collectors. 

This incident also highlights the fact that while the NFT ecosystem is built on Blockchain, the vast majority of people are completely unaware of how smart contracts actually function. By implementing the best practices, all of these major hurdles can be avoided easily. Companies should pay attention to this to avoid any major mishaps. 

How OptimusFox Can Help

OptimusFox has a team of competent developers that make use of Test-Driven Development when it comes to Smart Contracts. Test cases for all of the functionalities are created and tested first, and if a test fails, new code is written to pass the test and make the code free of bugs and errors.

Our developers write test cases during the Smart Contract Development process using JavaScript. We make use of the following best practices to ensure everything goes smoothly and there are no errors during the development process. We implement the following as part of Test-Driven Development.

1. Smart Contract Unit Testing

Good unit tests are extremely important when it comes to Smart Contract development. Given the nature of smart contracts, the fact that they’re immutable and responsible for managing a large number of funds makes it all the more crucial to carry out Smart Contract unit testing.  

2. Smart Contract Integration Testing 

These tests are more complex and validate interactions between multiple components. In smart contracts, this means interactions between different components of a single contract or across multiple smart contracts. 

3. Web Integration Testing 

This is the process where software modules are integrated logically and then tested as a group. It is then verified if the integrated modules work as expected or not. 

Our services help you validate behaviors within your smart contract and help you confirm that your code performs in the way it was expected to perform.  

These tests will also help you get the assurance that newly added code does not have unexpected side effects. They also help you save time debugging, so when an unexpected error appears, your test suite will allow you to immediately find out the potential causes.  

Our team at OptimusFox uses a security-focused mindset that delivers flawless and high-quality code for your Smart Contracts.