After the launch of Pixel Inc, everyone was having fun painting on the canvas until Mudit messaged me. He had found a major issue.

The Issue

The Pixel contract includes BoringBatchable, which allows several calls on the same contract to be made in a single call.

When painting on the canvas, the payment is verified by checking msg.value.

By using Batchable to make multiple calls to paint, the same msg.value sent is used to pay for each call.

This allowed unlimited minting of PIXEL tokens and the draining of all MATIC out of the contract.

Securing Assets

In response, we took the following actions:

  • The MATIC earned by…


Pixel Inc is an experiment in collaborative ‘artvertising’ and a tribute to web design of the past. Inspired by the Million Dollar Homepage, blocks of pixels on a 1000x1000 canvas will be sold with some funky tokenomics and Multi Level Marketing. After 2 weeks, the final canvas will be sold as an NFT.

Phase 1: Creation

Starting with a blank canvas of 1000x1000, pixels will be sold in blocks of 10 by 10. Each block has a description and a URL. Multiple blocks can be bought to create/upload larger images.

All the pixel data, descriptions and URLs are stored fully decentralized, on-chain on the…


When the Abracadabra team contacted me to license my isolated lending contract code (known from Kashi) for Abracadabra I didn’t quite understand how it would all work. But having recently just aped in with about $55k, I have to say it’s quite interesting.

What follows are just some personal notes, shared for others to maybe learn from to understand the protocol’s internals and to help the Abra team improve the UI. Sorry, not a very well written piece, more of a brain dump. It’s not advice of any kind and there could be plenty of mistakes.

The way I used…


There is a wide range of DAOs out there and most of them are either not decentralized or not working well. To solve many of the issues I propose a DAO that elects an operator. The operator is free to build/run the protocol as they see fit, unless the DAO isn’t happy… in which case they can elect a new operator at any time, taking all access forcibly away from the current operator in a fully decentralized manner.

Before we dive further into this, let’s have a quick look at some common existing structures and their pros and cons.

On chain protocol governance

Compound…


Since I put out the proposal for BentoBox a few months ago, there has been a lot of progress and launch is now within sight. As the idea became design and then code, some things changed and some improved. This post will explain the solution we’re delivering and a potential roadmap for the future from my point of view.

To start, the term BentoBox was originally used for the lending solution, but as coding progressed, a new concept emerged. This I will refer to as BentoBox. The lending solution will be referred to as BentoBox Lending or simply lending.

The BentoBox

All…


As mentioned in my earlier response, we want to share with the community a bug.

SushiSwap code is fully audited.

However, today’s post is not about us, but about silly FUD and their role in the DeFi community as a whole. When we were reading a silly hype article we had the MasterVampire smart-contract investigated as a potential target for hacking, we’ve noticed another bug, this time with more serious ramifications.

We want to describe the vulnerability and a potential backdoor that was left by mistake, and may get forked multiple times in different projects. The bug itself may lead…


Things have been very busy and we’ve tried to keep everyone informed through Discord, Twitter and the forums. But for those watching from a distance, here is a summary of what we’ve been up to.

New OmakaseBar website is live for testing

All your Sushi needs in one place, that’s what the OmakaseBar brings. You can check it out now at https://sushiswap.fi/.

Besides this there are a lot of ways to play with Sushi:


Platforms like Compound and Aave allow users to deposit assets as collateral and borrow other assets against this. These protocols have attracted billions of dollars, but they suffer from some major limitations. Taking away these limitations could see much larger adoption. This proposal aims to do just that.

Random unrelated picture of Sushi :P

We solve these issues by having a platform with:

  • Isolated lending pairs. Anyone can create a pair, it’s up to users which pairs they find safe enough. Risk is isolated to just that pair.
  • Flexible oracles, both on-chain and off-chain.
  • Liquid interest rates based on a specific target utilization, such as 75%.


So what’s happening? 🔀

Uniswap liquidity that is staked in one of the pools of the MasterChef (such as 🐢Tether Turtle) will be moved to SushiSwap.

Let’s say you add 1 ETH and 340 USDT in the Uniswap pool and receive some Uniswap V2 LP tokens. You then stake these tokens with the MasterChef to farm SUSHI. At migration, technically all tokens in a pool are migrated at the same time in one atomic transaction.

But from your perspective, your Uniswap V2 LP tokens (representing your liquidity of 1 ETH and 340 USDT) will be migrated into SushiSwap SLP tokens representing exactly the same…

BoringCrypto

I read smart contracts for fun...
