Nottingham Upgrade Fixes Previously Undetected V1 Inflation Bug
Besides upgrading the FLOKI smart contracts to allow for DAO functionality, the Nottingham Upgrade also fixed a major V1 inflation bug that only recently came to light.
While preparing for the upgrade, FLOKI’s lead dev Jackie did a thorough audit of all the previous FLOKI smart contracts since V1 to ensure that the new contract is flawless. He also audited token distribution during the V1 to V2 migration.
This audit uncovered an inflation bug where people got more tokens than they should get during the V1 to V2 upgrade.
A quick history overview will help understand exactly what happened:
When the original FLOKI dev launched the first version of the token he had advertised the original contract as having a fixed supply and a 10% tax on every transaction; 5% of which goes to the marketing wallet and 5% of which is redistributed to holders.
In actuality, the contract had a massive inflation bug that increased supply 14 times in less than two weeks. This inflated supply was then being distributed to holders.
This was an existential crisis and community members pushed the old dev to fix the bug and upgrade the contract. He chose to abandon the project instead.
After the original FLOKI dev abandoned the project and another dev brought on to revive it disappointed the community, an emergency plan was initiated through a third dev who had to create a new contract and help revive the project within just 24 hours.
With such a short timeframe, running a script to determine what actual inflation was before the V2 migration on such a short deadline was unrealistic, so the team at the time came up with the following formula to address inflation based on when holders swapped their tokens at the time believing is fairly addressed the inflation:
- All wallets before and up to 12 hours before deadline, receive 100% transferred tokens.
- 12–9 hours before deadline, receive 90% transferred tokens
- 9- 6 hours before deadline, receive 80% transferred tokens
- 6–1 hour before deadline, receive 70% transferred tokens
- 1 hour to 30 minutes before deadline, receive 60% tokens
- 30–10 mins before deadline, 60% of tokens
- 10 minutes before deadline, to deadline 50% of tokens
When our lead dev Jackie audited the distribution recently, however, he found out that this formula wasn’t enough to account for the inflation that occurred at the time — and that many V1 holders got significantly more tokens than they should get.
Even worse, the airdrop calculation formula only exacerbated the issue.
FLOKI’s lead dev Jackie explains how the airdrop formula used at the time worsened the issue:
Essentially, the issue is the massive airdrop for certain addresses that exploited a combination of the token inflation and the airdrop rules.
This exploitation was possible due to:
1. inflation being possible;
2. the flawed* airdrop amount calculation; and
3. the rush of transfers of addresses trying to get into the airdrop.
Effectively, this comes down to an inverted tax on people’s conscience.
Let me try an example where there are *only* fair people, i.e. all of them send in their tokens before the deadline. For this scenario I’ll be using a tax of 5%; I don’t know (and haven’t looked up) what the actual tax was.
Let’s say there are 10 addresses, each with 100 tokens.
User 1 sends in 100 tokens, but is taxed 5 tokens, so gets an airdrop of 95.
Those 5 tokens get divided over 9 people, so they all get 5 / 9 ~ 0.56 tokens.
So user 2 has ~100.56 tokens, and sends in all their tokens. Then the same thing happens, but it’s divided over 8 users. So those 8 get 5% over the 100.56 which is also ~5. So they get 5 / 8 ~ 0.6 each.
This continues on, but essentially that boils down to these numbers for our fictional airdrop:
1 100.00 95.00
2 100.56 95.53
3 101.18 96.12
4 101.91 96.81
5 102.76 97.62
6 103.78 98.59
7 105.08 99.83
8 106.83 101.49
9 109.50 104.03
10 114.98 109.23
So the 1st user got a 5% decrease in balance from the airdrop and the 10th user got a 9% increase from the airdrop, even though everything went fairly.
But that’s just for 10 users. If you scale that up to 100 users, then the final 100th user got a 22.8% increase. For 1,000 users it’s a 37.8% increase.
And that’s just for regular users that simply send in their tokens immediately.
If instead, we have an uneven distribution of tokens, and users that *specifically* wait until the last possible moment, then we get people that have an airdrop of more than a 1,000% increase of their initial balance.
That’s without taking into account regular transaction taxes, only the ones meant for the transfers for the v2 airdrop.
Addressing the inflation bug
While this inflation bug affected every user that held/swapped FLOKI during the V1 to V2 migration, some wallets benefited significantly more than others depending on how long they waited before swapping their tokens.
To address this inflation bug as quickly as possible without overcomplicating things and creating more problems in an attempt to fix the bug (logistics or otherwise), our lead dev came up with a formula that focuses majorly on the largest beneficiaries whose actions could cause the most damage if the bug is not addressed — some of whom have been consistently selling these inflated tokens in large chunks in a way that has been harming the FLOKI liquidity pool:
We took the mean annual wage of all the countries associated with the Organization for Economic Co-operation and Development (OECD) of the last published dataset (i.e. 2019) and used it as a benchmark for where to start the cut.
The list can be found here.
The yearly mean of these countries comes down to 43,342.29 USD.
We then divided this amount with the opening price of FLOKI V2 and came up with the number 7,210,870,858.956556238 which we used as a benchmark to determine where to begin the cutoff.
So every wallet that got more than 7,210,870,858.956556238 FLOKI tokens during the V1 to V2 migration was added to the blacklist.
A script was then developed to analyze these wallets and determine how much excess tokens they got based on when they swapped.
The outcome of this analysis is the blacklist. You can find the full list here:
An Important Note About the Blacklist
It is important to note that the original blacklist referenced in this article isn’t a permanent one or an indictment of crime.
Many of the beneficiaries of the bug most likely had no idea they were beneficiaries. The team also had no idea that there was such a problem until an audit of the distribution was done while preparing for the DAO upgrade.
However, some of the beneficiaries did know and have been dumping these excess tokens in an unhealthy way that has been negatively impacting the FLOKI liquidity pool.
The purpose of the blacklist isn’t to stop people from having their tokens; it is to prevent affected users from selling these excess tokens into the FLOKI liquidity pool.
A committee has been set up to review cases related to the blacklist on a case by case basis.
Users on this wallet can appeal, and once their wallet has been cleared it will be released and removed from the blacklist.
Affected holders can reach out to the committee to review their case by emailing support @ floki.com.
The committee will review each complaint and address on a case by case basis while also looking at mitigating factors.
AGAIN It is very important to understand that this list is not final or an indictment of crime, and the fact that a wallet appears on the list does not mean it is permanently blacklisted; some of the people on the list probably don’t know they got inflated tokens and haven’t been dumping the excess tokens. Mitigating factors will be considered for these people.
The purpose of the blacklist is to have people return the excess tokens they got (either by sending it to a burn wallet or the FLOKI multisig address). Once this has been done, their wallets will be released and removed from the blacklist.
More importantly, it is very important to note that the blacklist ONLY affects people who got excess tokens due to the V1 inflation bug — provided they got more than 7.2 billion tokens (based on the OECD formula we used as explained above).
Users who got less than 7.2 billion tokens, even if affected by the bug, aren’t included because their actions can’t have much of a negative impact and it’s logistically impossible to review thousands of cases.
If you bought after V1, or bought during V1 and got less than 7.2 billion tokens, you shouldn’t be on the blacklist; if you are, you can appeal to the committee as well and we will review your case.
The best interest of FLOKI holders comes first
We’d also like to make it clear that this decision was one we came to very carefully — after lots of deliberation and consultation.
We know this move makes us appear centralized, which is the last thing we want especially with our recent decision to transition to a DAO.
However, we know that realizing this bug and ignoring it when we could have fixed it — while many new FLOKI users are being negatively affected by the dumps occasioned by these excess tokens — is unethical and immoral.
We also reached out to key partners like our contacts at Certik and Wintermute to seek their thoughts on how this could be approached — particularly looking at the centralization angle, and the conclusion was that it had to be done.
Ignoring the bug will cause way more damage than having an appearance of being centralized because we fixed it.
More importantly, to further protect the interests of our users, we understand that some of those affected by the bug might decide they no longer want to hold FLOKI after the excess tokens have been retrieved. In the interest of our users and to avoid these people dumping their remaining tokens on the FLOKI liquidity pool after the excess tokens have been removed, we would suggest going through an OTC desk, such as our market maker’s Wintermute’s, to avoid causing significant slippage on price of the token.
This move allows them to exit their position in an easy way, if they so choose, without negatively impacting the FLOKI liquidity pool or FLOKI users. It also benefits them since they get more actual value for their tokens when slippage is considered based on the price impact of their sells.
We are excited about the Nottingham Upgrade and FLOKI’s gradual transition to a DAO, and we consider the upgrade to be a successful one.
We’d also like to state that the decision to blacklist and fix the inflation bug wasn’t an easy one, but it is a necessary one.
It is a necessary decision because it is the right, moral, and ethical thing to do after discovering it — especially when we have the power to fix it.
It isn’t an easy decision because it makes us appear centralized, which is the very last thing we want to appear to be as we gradually work to position the people’s cryptocurrency to become a major cryptocurrency force to reckon with.
Eventually, how we act in the face of tough decisions like this determines our future trajectory and where this project will head.
This is the decision we had to make!