The Stars Arena drama continues
And I must admit it's all very entertaining to watch from the sidelines. Especially after warning everyone that the platform is guaranteed to fail.
This morning the AVAX community got a very rude awakening when many came to the realization that all of the value locked inside the ticket smart-contract had been hacked. This means that it was impossible to sell tickets and receive their fair-market-value in return because there was no AVAX available to extract from the contract.
How did this happen?
There's a lot of shit talking going down questioning how there could be so many bugs when a lot of these contracts were forked from Friend.Tech. My understanding is that the tech stacks are different enough for problems like this to pop up.
I'm having trouble finding the Tweet now (maybe it got deleted) but apparently someone by the moniker of The Builder created Stars Arena. They claimed to have created it in a week thinking it wouldn't make as many waves as it did, and by the time security became a much bigger concern they didn't have time to properly vet the code while it was just sitting out there in the EVM jungle.
Inside job?
In situations like this many rugpulls like this one are viewed with extreme suspicion because most of the time the only people who can hack these contracts are the very same people that created them and know them inside and out. Do I think Stars Arena hacked their own platform?
No, in fact it still makes more sense that someone from Friend.Tech is the culprit as they also know the contracts inside and out. Stars Arena was just getting started and it was way too early in the game to yoink the funds like that. Then again $3M for a week's worth of work is a pretty good payday imirite? It's all relative.
Stars Arena enjoyoooors are also very upset that many high-ranking accounts are minimizing the loss of the $3M because "it's only $3M". Yeah it was only $3M but it was also 100% of all the money locked in the platform. This has become a major pain point and source of drama as the development unfolds.
I'm hearing reports and Stars Arena has already borrowed or otherwise acquired the money to refund most if not all of the $3M within hours of the attack happening. The hole is plugged and operations should continue soon. However, at what cost?
The Confidence Game
I for one believe that Stars Arena is not going to recover from this. The illusion has been shattered, and it was this illusion alone that was keeping the entire platform running in the first place. The only way these reflection tokens can continue to operate is if users are so overwhelmingly bullish that they keep reinvesting their gains back into the platform over and over again hoping to cash out an even bigger score later. Eventually the music stops and most people are left holding a bag worth very little.
Now that everyone realizes the inherent counterparty risk and vulnerabilities associated with the platform I find it highly unlikely that they'll be able to get their momentum back and keep the unsustainability train moving along the tracks. This hack has been a complete derailment of the long-con that a project like this needs to keep going. I guess we'll see if they can somehow regain user confidence moving forward.
Greater Fool's Theory
The entire premise of these SocialFinance tokens is pretty ridiculous. The price of any given user's shitcoin simply goes up way too fast, which creates a scenario in which once something like 200 tickets are bought the price has mooned and it's very difficult to afford a ticket. Many have not considered that this mechanic doesn't really make a lot of sense for a paywall model, and rather makes a whole lot more sense for generating totally unsustainable hype and casino gambling.
And now everyone that shamelessly promoted the platform has to issue their apologies and act as if they didn't know any better. They knew better, and they did it anyway, because the majority of users in crypto are shameless degenerates, after all.
This hack also made me realize that the way I thought it should work was not anywhere close to how it actually works. I assumed that every account should have its own liquidity pool. Every account should have its own contract and its own associated TVL connected to the tickets of that account.
Yeah, that's not how it works.
Instead it's become painfully obvious that everyone's money was grossly centralized to a single contract and the only thing that separated the honeypot from the users was a thin veil of math that was easily exploited by a bad actor that knew what they were doing. Whoops! I hope that "efficiency" was worth it.
Many are saying not to worry because this bad actor has been "doxxed", but that's just copious amounts of copium. Do people not know what doxxed means? Nobody knows who the hacker is, but they say he's been doxxed because the money hasn't moved and is sitting in this account on AVAX EVM:
'doxxed' lol okay
I guess people don't know that a physical address is different from an AVAX address.
Conclusion
Seems as though Stars Arena has been cut down at the knees. They may have scraped the $3M back but the confidence in the network will likely never come back. SA devs seem to think that their model is "profitable" and they'll easily be able to make back the money over time. Somehow I doubt it considering there's little reason left to trust them, and trust is everything for a protocol so new and untested. This hype train has grinded to a halt, and is likely too heavy to reboot. Either way I get to keep watching from the sidelines and inject my own commentary whenever necessary.
Return from Stars Arena Hacked for 100% TVL to edicted's Web3 Blog