Akutar NFT contract permanently locks $34 million


TL;DR Breakdown

  • A single-line of code error led to a permanent lock of $34 million.
  • The Akutar team ignored a red flag from a security specialist.
  • Some critics picked the issue and condemned the team.

Akutar held a dutch auction for their NFT drop, but a bug in the smart contract blocked off the minting funds worth $34 million. Before minting, there were concerns about a bug that could exploit various operations, but the team overlooked them. They felt that nobody could exploit the function of processing refunds.

As minting took place, an unknown person decided to capitalize on the bug and stopped all refunds and withdrawals. However, the person intended well as he only wanted to highlight the issue. Finally, the team removed the block, paving the way for minting to proceed.

Smart contract locks funds

The contract faced another glitch when a second bug in its code failed to account for people minting multiple NFTs in a single transaction. To withdraw funds, the contract requires the counter to add appropriately. Since it couldn’t do so, the claim project hand function couldn’t execute well, leading to the smart contract locking the assets forever.