Post Mortem: An overdose of CUDL
TLDR: A bug allowed someone to mint a huge amount of CUDL. The game and token are paused for now.
CUDL is a Tamagotchi-like game on the Ethereum blockchain where cats are able to mint some CUDL depending on their level. The in-game token is then used to buy food in order to keep the cat healthy and increase his daily rewards based on a level system.
The game started its beta just 31 days ago managing to gather 4010 Acclimated Mooncats in an awesome adventure played by 744 cuddlers.
While we were upgrading the game in the past 2 days to a new version in order to lower gas costs of playing and balance the economy we introduced a bug that enabled a lucky player to mine too much CUDL. This bug affected people registering new cats and mining for the first time. Following the discovery of unusual activity on the game we decided to pause the game and transfer of CUDL to limit the damage to liquidity providers and players.
Here is the full timeline of events:
- Aug-16–2021 10:29:02 PM: The game logic was updated introducing the new features and the bug.
- Aug-17–2021 07:05:03 PM: An existing player gave life to two new cats (4004 / 4005).
- Aug-18–2021 02:39:25 AM: The player mined all his 5 cats (including his 2 new cats that never mined before) triggering the bug that mined 226285 CUDL (doubling the total supply).
- Aug-18–2021 02:46:53 AM: The player started selling tokens on Uniswap in a few transactions for a gain of 5 ETH.
- Aug-18–2021 04:06:34 AM: After detecting and analyzing the unusual activity we decided to pause the game and all token transfers.
The bug explained
In order to save gas, we introduced a feature that enables a player to claim the reward of his pet every few days. For this we calculate the number of days that elapsed between the last time he claimed token and now as follow:
The problem with this code comes when you register a new pet, as we don’t set the lastTimeMined time in order to enable fresh players to mine one time. This worked well while we didn’t take into account the number of days elapsed between the two claims. Unfortunately in our case, the lastTimeMined sitting at 0 will result in a huge amount of day elapsed between the current timestamp and 0.
Note: In computer programming, the timestamp is based on seconds since the epoch: JAN 01 1970. Which makes at the time of the bug: 18857 days. As the basic reward for level 0 pets is 6 CUDL you get 18857 * 6 = 113142. As the person had 2 fresh cats in his collection he mined 226284 CUDL.
Considering the history of the wallet and the on-chain activity of the person following the unusual reward there is reason to believe that he was just lucky and didn’t exploit on purpose.
Will Your Pets Die? Do i need to feed?
You don’t have to feed or mine any pets for the time being, when the new version of the game is properly tested we will announce a way to resume.
The road moving forward
This is not the first time we go through adversity. As a community, we love the energy and attention the game managed to gain in just a month. We’ll take some time to learn from the bad and the good.
We won’t rush resuming the game, this bug was the result of humans running around the clock due to pressure we put on ourselves, and it could have been avoided.
Stay tuned and follow our discord channel #CUDL for announcements when the game is resumed.
