Meebits user released and sold NFT for $700,000 using an exploit
This week, the developers of the popular NFT project CryptoPunks presented their new work – Meebits, in which two-dimensional images were replaced by three-dimensional characters. Such characters have unique characteristics, which means that one can cost more than the other, and no one, not even the developers, at the time of the release of the NFT should know how valuable the NFT will be received. A few days later, a vulnerability was discovered in Meebits that allows you to randomly create rare characters.
The vulnerability is implemented by canceling Meebits release requests if the NFT being created is not rare enough. In this way, users could send multiple requests to create an NFT until they were satisfied with the result. One of the Meebits created using the exploit has already been sold on the OpenSea marketplace for 200 ETH ($712,000).
Many canceled requests for the release of Meebits in the blockchain
The developers responded to the problem by temporarily restricting the ability to release and exchange Meebits among themselves. "The contract is safe. A vulnerability was discovered in the Meebits release due to the fact that the properties of the remaining unreleased Meebits were leaked. Thus, those who still have the opportunity to issue NFT cancel their requests until they receive the desired number, " they wrote.
At the same time, the smart contract itself remained fully functional, but loading Meebits into the IPFS distributed storage led to the disclosure of their identifiers and characteristics. The company also noted that almost all the opportunities for issuing Meebits have already been used up, and for those who still have them, the developers will create tokens themselves using the function in the smart contract. In this way, they intend to ensure the randomness of the release, as it should have been originally.