Weekly Report (Apr-03)

5 min read

SafeMoon and Allbridge Exploit. Gucci, Papa Johns, and Avalanche web3 initiatives.


  • Gucci has joined forces with Yuga Labs for a Metaverse initiative.
  • Avalanche Foundation has launched an NFT initiative.
  • Arsenal Football Club has collaborated with Staynex for an NFT initiative.
  • Papa Johns pizza has taken a leap into Metaverse.
  • Flybondi is set to offer every airline ticket as NFT.

Blockchain Hacks#

SafeMoon was exploited due to the presence of a public burn function, resulting in a loss of approximately $8.65 million.The most recent change to the SafeMoon token contract added the burn function, which was updated yet again to allow anyone to burn tokens instead of the sender. This change was effectively taken advantage of by the exploiter. The attacker was able to remove SFM tokens from the SafeMoon-WBNB LP, alleviate the price of SFM tokens, and sell them at a grossly overpriced rate within the same transaction, which ultimately wiped out the remaining WBNB in the liquidity pool. We have highlighted a detailed analysis of the exploit in this blog.

The team behind Kokomo Finance had an exit scam and was rugged with roughly $4 million worth of user funds. The deployer of the KOKO token deployed an attack contract, then set the reward speed, paused the borrow, and changed the implementation contract into a malicious one before taking away the funds for their profits.

Patricio Worthalter, the founder of POAP, was the target of a phishing attack. The attacker transferred approximately 85,898 RPL, worth $3.83 million, from his address to DEX and sold all of the stolen RPL tokens at a much lower price to profit by approximately $3.25 million.

Allbridge was exploited due to price manipulation, resulting in the loss of 282,889 BUSD and 290,868 USDT, totaling approximately $570,000. The root cause of the exploit is due to the manipulation of the swap price of their pool. The exploiter played the dual role of a swapper and liquidity provider to manipulate the price and then proceeded to drain the funds from the pool. The attacker initially took a flash loan of 7.5 million BUSD from PancakeSwap, swapped 2 million BUSD for BSC-USD, and deposited 5 million to the BUSD pool. The exploiter then swapped the remaining 500K BUSD for BSC-USD and used the balance to swap for BUSD again in the Allbridge's Bridge contract, which resulted in a high dividend for the earlier liquidity deposit. The exploiter later sent 1,700 BNB, which also included profits from previous attacks, to Tornado Cash. A detailed analysis of the exploit can be found in this blog.

Metaverse, and NFTs#

Gucci, the Luxury fashion brand, and Yuga Labs, the company behind Bored Ape Yacht Club (BAYC), are set to start an innovative project that combines fashion and entertainment in the Metaverse. The partnership between Gucci and Yuga Labs represents a significant milestone for the fashion and NFT industries. The collaboration expands on the Gucci Grail NFT apparel line, which was introduced by digital tailor Wagmi-san in March 2022. It also provides a first-look at how Gucci will fit into Yuga's Otherside gamified meta-RPG world. The renowned fashion business intends to provide its clients with unique virtual experiences that blend real and digital elements. This step shows Gucci's readiness to adapt to new technology and keep up with the rapidly developing fashion and entertainment industries.

The Avalanche Foundation has started an initiative to support NFT artists. The campaign, dubbed Avaissance, will have two components. More than fifty digital artists will receive funding, mentoring, and virtual workshop sessions through the initiative's first component, the Artist in Residence (AIR) program.  Through this initiative, each artist will issue a batch of NFTs on the Avalanche blockchain. The Mona Lisa Initiative (MLI), a collective digital art curation endeavor, is the program's second component. The team has invited digital artists to apply via its official online application form, which will be open until April 28.

Arsenal Football Club has collaborated with Staynex to launch an exciting new NFT project. Fans will have an opportunity to access match tickets alongside luxury accommodation via the Arsenal Journey Pass. The program will launch via the Enjinstarter initiative and will begin on April 7th on OpenSea. The 400 NFTs will be split in two tiers, with the 340 Gooner tier NFTs granting general and club level access to a match and 4-star accommodation, and the 60 Legendary tier NFTs granting box seat access and 5-star accommodation. Successful bidders will also get early adoption benefits and premium access to the Staynex platform, which lets users buy vacation packages at resorts and hotels using NFT.

Pizza brand Papa Johns, has tapped into Metaverse through OneRare’s foodverse initiative. With this partnership, Papa Johns enters the Web3 space and introduces a brand-new world to its customers. The company is set to launch digital collectibles of its top three most popular pizzas. These collectibles will be modeled after Vegan Sheese Garden Special Pizza, Spicy Chicken Ranch Pizza, and Super Papa’s Pizza. Holders of the yet-to-launch NFTs will participate in the brand's virtual voyage, which will touch on its history and reveal the formulas for some of its well-known dishes as part of an immersive experience.

Flybondi has decided to disrupt the conventional ticketing system by issuing every ticket as a NFT. The Argentine airlines company has elevated the web3 offerings to new heights by becoming the first airline to offer NFT tickets. The breakthrough concept represents a turning point in the integration of travel and blockchain technology, providing passengers with a seamless and secure experience. Each ticket is a unique digital asset that offers passengers a personalized and reliable method of travel. The NFTs are created at the time of booking and saved in the traveler's Flybondi account for simple retrieval and verification.

OnChain Insurance Industry News#

InsurAce Protocol announced the launch of their new quest system on CREW3. Users can engage with the team using this platform and earn rewards.

Bumper Finance announced the completion of Epoch 4, after which BUMP tokens were distributed to users who had staked their Uniswap V2 LP tokens into their Liquidity Mining contracts.