Smart Contract issue in Pixel Inc

After the launch of Pixel Inc, everyone was having fun painting on the canvas until Mudit messaged me. He had found a major issue.

The Issue

When painting on the canvas, the payment is verified by checking msg.value.

When Batchable is used to make multiple calls to paint, the same msg.value is used to pay for each call.

This allowed unlimited minting of PIXEL tokens and draining of all MATIC from the contract.
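
The pattern described above, reduced to a minimal sketch beside one way to close it. This is an added example, not Pixel Inc's code or its actual fix; the contract names, `PRICE`, the delegatecall-based `batch` and the credit-based design are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Added illustration. Contract names, PRICE and the storage layout are hypothetical.
contract VulnerableCanvas {
    uint256 public constant PRICE = 1 ether;
    mapping(uint256 => address) public painter;
    mapping(address => uint256) public minted;

    // payable + delegatecall: every sub-call observes the same msg.value
    function batch(bytes[] calldata calls) external payable {
        for (uint256 i = 0; i < calls.length; i++) {
            (bool ok, ) = address(this).delegatecall(calls[i]);
            require(ok, "batch: call failed");
        }
    }

    function paint(uint256 pixel) external payable {
        // Passes on every sub-call although the value arrived only once.
        require(msg.value >= PRICE, "underpaid");
        painter[pixel] = msg.sender;
        minted[msg.sender] += 1;
    }
}

contract HardenedCanvas {
    uint256 public constant PRICE = 1 ether;
    mapping(uint256 => address) public painter;
    mapping(address => uint256) public minted;
    mapping(address => uint256) public credit;

    // Not payable: a batch cannot carry value, so msg.value is 0 in every sub-call.
    function batch(bytes[] calldata calls) external {
        for (uint256 i = 0; i < calls.length; i++) {
            (bool ok, ) = address(this).delegatecall(calls[i]);
            require(ok, "batch: call failed");
        }
    }

    // Value is credited once, in the transaction that actually carries it.
    function deposit() external payable {
        credit[msg.sender] += msg.value;
    }

    function paint(uint256 pixel) external {
        credit[msg.sender] -= PRICE; // checked arithmetic reverts when credit is short
        painter[pixel] = msg.sender;
        minted[msg.sender] += 1;
    }
}
```

In the hardened sketch each `paint` debits stored credit, so the amount charged scales with the number of calls regardless of how they are batched.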

Securing Assets

  • The MATIC earned by the team that was sitting on the contract is withdrawn.
  • Most of the liquidity of the SushiSwap pool was under team control and was removed. Now less than $200 remains from 2 LPs. They should withdraw this.
  • The UI was updated and the canvas is now ‘locked’. A snapshot of the canvas is taken and will be uploaded in the new contract.
  • A snapshot of the PIXEL token balances was taken and these will be used to issue new tokens.

Way forward

A massive thanks to Mudit for finding and reporting this! And thanks to the community for supporting this project. Please bear with us while we get this show back on the road…

— BoringCrypto

Update 1: All data (PIXEL balances, the canvas data, ambassador program info) has been extracted. Fixed contract is mostly done. Time for a nap as it’s 7am and I’d like to write the redeployment with a fresh mind. If all goes well we should be back up and running within a day.

Update 2: Full replicated deployment is live on the Polygon Testnet and the current site points to that. Currently loading the replicated state into Polygon mainnet. If all goes well this will take about 2 hours.

Update 3: Everything has been restored, canvas unlocks in 30 minutes.
