Exploit in Larva Labs Meebits NFT Makes Rare Mints Printable at Will

The Meebits contract by Larva Labs (the creators of CryptoPunks) has a hidden exploit: it lets minters effectively select the rarity of their Meebit.

Although the Meebits provenance was supposed to be completely random, this newly revealed exploit allows users to generate NFTs worth hundreds of thousands of dollars for free (except for ETH gas). This exploit is still live.

Larva Labs: A Mainstay of the NFT World

Famous for CryptoPunks, Larva Labs have cemented their legacy as pioneers in the NFT space, creating generative art on Ethereum. CryptoPunks have sold for outrageous amounts – sales have exceeded the million-dollar mark per NFT, with the most expensive one being sold for $7.57M back in March of this year.

Their latest offering, Meebits, is a 3D NFT project, and the public sale (where Meebits were priced at 2.5 ETH) raised over $85M. The average sale price on OpenSea for Meebits is over 5 ETH, with several rare Meebits selling for over 100 ETH.

The Exploit

An exploit in the Meebits contract allows people to choose the Meebit they want to mint. Thus they can select rare ones, which are worth obscene amounts of money. This exploit is live, and several people are running contracts in an attempt to squeeze out the few remaining rare Meebits.

An example contract is here. The minter calls the mint function and can revert the transaction if a sufficiently rare Meebit isn’t discovered. This process is repeated until a rare Meebit is found, and the contract owner then allows the mint to fully execute.

For a few thousand dollars in gas, they have now obtained a rare Meebit worth hundreds of thousands and possibly millions. This exploiter successfully minted a rare Meebit, and has already sold it on OpenSea for 200 ETH ($700K+).

As a result, the team has paused community minting temporarily, according to a developer message from the official Discord channel.
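A defender-side check for the revert-and-retry pattern described above, as an added example that is not from the original article or from Larva Labs: it scans transaction records for a run of reverted mint attempts through one intermediate contract followed by a success. The records are constructed sample data, and the field layout, addresses and `min_reverts` threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample (not real chain data): one tuple per top-level transaction
# whose call trace reached the NFT contract's mint function.
# Fields (assumed for this example): block, sender, via_contract, status, gas_used
SAMPLE_TXS = [
    (100, "0xAAA", "0xC1", "reverted", 200_000),
    (101, "0xAAA", "0xC1", "reverted", 200_000),
    (101, "0xBBB", None,   "success",  180_000),   # direct mint from a wallet
    (102, "0xCCC", "0xC2", "reverted", 150_000),   # single, isolated failure
    (103, "0xAAA", "0xC1", "reverted", 200_000),
    (104, "0xCCC", "0xC2", "success",  190_000),
    (105, "0xAAA", "0xC1", "reverted", 200_000),
    (106, "0xAAA", "0xC1", "success",  220_000),
]


def flag_reroll_minters(txs, min_reverts=3):
    """Flag (sender, contract) pairs whose successful mint followed a run of
    at least `min_reverts` reverted attempts through the same contract."""
    streaks = defaultdict(lambda: [0, 0])   # key -> [revert count, gas burned]
    findings = []
    for block, sender, via, status, gas in sorted(txs, key=lambda t: t[0]):
        if via is None:
            continue  # a plain wallet call cannot attach a post-mint check
        key = (sender, via)
        if status == "reverted":
            streaks[key][0] += 1
            streaks[key][1] += gas
        elif status == "success":
            # A success closes the streak; report it only if it was long enough.
            reverts, burned = streaks.pop(key, [0, 0])
            if reverts >= min_reverts:
                findings.append({"sender": sender, "contract": via,
                                 "reverts": reverts, "gas_burned": burned,
                                 "mint_block": block})
    return findings


if __name__ == "__main__":
    for finding in flag_reroll_minters(SAMPLE_TXS):
        print(finding)
```

The `gas_burned` total corresponds to the gas cost the article mentions: every reverted attempt is still paid for, so a long streak before one successful mint is the visible footprint of this behaviour.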

