Incident Report 15/02
Ahead of our Honey Genesis NFT mint, we collected 4,758 unique addresses for our whitelist via a learn to earn mechanism. The purpose of the whitelist was to create an incentive for minters to study the protocol, and increase bot protection. We decided the best way to distribute these tokens was via a claiming mechanism similar to gumdrop. Because gumdrop was deprecated in the latest Candy Machine version update, we opted to build our claim mechanism around Merkle distributor by Saber Finance.
How does a Merkle distributor work ?
A Merkle distributor is a smart contract based on the Merkle tree data structure, where a root hash is computed from a sum of leaf nodes. As long as the leaf nodes stay the same, the root hash stays constant.
This mechanism is leveraged in DeFi to attribute leaf nodes to a series of arrays (Solana addresses). This system avoids the entire tree (series of addresses) from being stored on-chain, and instead stores a simple root hash, derived from any of the leaf nodes for later verification. In Saber’s program, a leaf node is computed from:
- position (index) of the Solana address
- The address itself
- The amount of tokens which be claimed
Note: A single change in any of these variables will result in an incorrect root hash.
What happened ?
When computing our list of the finalised whitelist, we provided our own list of arbitrarily sorted addresses (the position of each public key was provided to the program, as per our own chronological order). However, Saber’s Merkle distributor reshuffled the addresses, thus changing their positions and indices in the program. As mentioned above, changing this position variable leads to a completely different root hash, and thus, it is impossible to verify any address on the whitelist (despite them all having been computed).
Users would thus have been unable to claim their tokens, forcing us to postpone the mint in order to guarantee a smooth minting experience for everyone.
We still have the whitelist, and will be adding addresses to it before the mint, in order to create a larger batch.
Going forward
Mistakenly assuming the logic of a seemingly simple Solana program, showed flaws in our product development cycle, which we are now redesigning.
We are introducing each new piece of code to our Alpha testing community, a group of dedicated individuals on discord testing new features before production. This step is now necessary for anything which our devs wish to deploy.
This used to only be the case for features which could potentially include financial liabilities, however it’s been expanded to include the entirety of our work.
We remain laser focused on our mission to empower NFT users with powerful financial tools, and look forward to more testing with the community. This will start as early as next week, with the formalised community testing of lending and borrowing.
Thoughts on how we can improve our operations ? Feel free to reach out to me and let’s discuss.
-Tom Pandolfi, director of Honey Labs
