Airdrop culture could pose integral threat to DeFi industry
EtherWrapped, a project designed to provide a yearly summary of users nonfungible token (NFT) activity, launched a little over eight hours ago to palpable fanfare within the crypto community.
The website detailed a plan to airdrop YEAR tokens based upon quantitative engagement statistics in users' MetaMask wallet, or in simpler terms, their number of transactions, volume traded, a gas fees, among other data.
Upon verification on EtherScan, a number of well-regarded developers and engineering experts in the space assessed the coding of the smart contract. Meows.eth noted that these parties saw a “presence of a function titled _burnMechanism,” but concluded that it was merely a harmless error by the seemingly amateur creator.
What we noticed during a brief pass was the presence of a function titled _burnMechanism.This function looked innocent enough, it would fail if you attempted to interact with the contract owner.What myself and others missed is how might one weaponize it for evil. 7/ pic.twitter.com/CthmAw3a2A
— meows.eth (@cat5749) December 31, 2021However, unbeknown to all, the creator of the contract maliciously planted this flaw in order to administer the "revokeOwnership" function soon after, designating new ownership to themselves and subsequently orchestrating a honeypot scenario in which users could only buy, not sell, the asset.
Consequently, those who had connected their wallet and received the airdropped token witnessed their asset soaring in value, and as such, fuelled by the alluring propensity of fear of missing out (FOMO), were incited into purchasing more on the secondary Uniswap V2 market.
It must be stated, the action of interacting with the contract or claiming the token did not result in losses, but rather the ensuing investments into the YEAR asset on decentralized exchanges.
According to EtherScan, the malicious entity was able to siphon 59.7 Ether (ETH) from the scam, equivalent to $225,000 at current prices. In addition to this, the Uniswap V2 contract registered $6.8 million in daily trading volume.
Although not a vast amount in the wider context of DeFi’s $139 billion in total value locked (TVL), the incident does highlight the critical importance of reviewing and verifying the authenticity and contractual diligence of newly formed smart contracts prior to connecting Web 3.0 wallets.
Related: Recounting 2021’s biggest DeFi hacking incidents
Decentralization, often in the form of financial distribution, is one of the fundamental principles of Web 3.0. Whereas the previous iteration of the internet curtailed power to centralized Silicon Valley behemoths, Web 3.0 promises to grant power to the people.
Last year, a panoply of decentralized finance projects, including UniSwap, dXdY, ParaSwap, and others, successfully deployed native assets often valued at tens of thousands of dollars to members of their community in a bid to advance the development of their ecosystem.
Last month, ENS become the latest project to showcase the genuine potential for governance models, and more recently, OpenDAO’s SOS token and GasDAO’s GAS token were allocated to those who registered trading activity on leading NFT marketplace OpenSea, and those spent at least $1,559 of ETH on transactional fees.
Now, while these projects are legitimate innovations with openly-documented roadmap objectives, the growing prevalence of such airdrops — especially their inflated speculation and outlandish early-expectations for projects just emerging from the cryptographic womb — could become the catalyst for a trend of rug pulls, Ponzi schemes, and pump & dump projects which pursue short-term monetary gains, akin to the ICO token era of 2017.
Although a handful of the asset launched during the initial coin offering (ICO) craze became successful, a vast number experienced catastrophic falls from financial grace, tarnishing the integrity and confidence of the entire cryptocurrency space, as well as fueling the often contemptuous mainstream narrative.
Feels like we're back to the good old ICO token days. But instead of white papers we now get airdrops and rugs.What a great way to end the $YEAR
— richerd.eth ᵍᵐ (@richerd) December 31, 2021Circulating rumors of potential MetaMask and OpenSea tokens are cultivating optimism for the construction of a truly decentralized and community-centric Web 3.0 industry. Whether this technological utopia becomes reality amid the motivations of venture capitalists and tech giants is another matter of debate.