MegaETH pre-deposit event derailed by congestion and multisig mayhem
Chaos struck yesterday’s pre-deposit window for DeFi users keen to be early to the December launch of MegaETH’s Frontier mainnet.
Multiple stumbling blocks included a buggy and overloaded know-your-customer (KYC) verification process, the initial cap of $250 million being filled in less than three minutes, and subsequent adjustments to the cap being mishandled.
A statement from MegaETH’s X profile recognized that the day’s events were “not acceptable.” It says the launch “encountered a variety of minor technical issues that, when compounded, provided a subpar user experience.”
What went wrong?
MegaETH bills itself as “the first real-time blockchain,” promising >100,000 transactions per second (TPS) and sub-10 ms block times.
Ironic, then, that one of the first of a series of blunders came from congestion. The event was briefly delayed due to a “mismatch in SaleUUID” between the deposit contract and KYC-checker Sonar.
Then, a traffic jam hit due to “a misconfigured rate limit on the Sonar side… [which] was set too low.”
Read more: Coinbase Base network halts for 44 minutes due to ‘unsafe head delay’
Once this was fixed, however, deposits hit the $250 million cap in under three minutes. MegaETH suspects the reopening was caught by users “spamming refresh,” rather than those monitoring “official channels” of communication.
Consequently, the team decided to quadruple the initial cap to allow those who missed out a second chance, setting the reopening for two hours after the initial launch.
This didn’t go smoothly, either.
‘Oops’
The transaction to raise the deposit cap to $1 billion was queued in Safe, the multisig wallet, requiring four signatures.
All four signatures were acquired well in advance of the time the team had set for the cap increase.
With the eyes of would-be depositors on the team’s movements, one user jumped at the chance.
Once a multisig transaction has the required signatures, anyone can execute it. User chud.eth decided to take matters into their own hands.
Read more: High yields to haircuts: Has DeFi learned anything from yield vault collapse?
The cap was raised over half an hour early, with deposits rapidly pouring in once again.
“Unfortunately, the party responsible for executing the raise tx was unfamiliar with the specific Safe feature,” MegaETH explained.
The team decided to override the new $1 billion cap, citing similar concerns over the deviation from official comms.
A first attempt to cap deposits at $400 million failed, as deposits had already surpassed that amount. Finally, the team was able to set the cap at $500 million, 13 minutes after chud.eth’s intervention (and still prior to the officially announced time).
Ultimately MegaETH “decided not to move forward with the additional cap due to a few unresolved bugs around KYC verification stopping users from participating.”
Once the dust had settled, blockchain analyst Dethective broke down the deposits, the largest of which was reportedly $40 million.
Read more: Balancer exploit drains $129M in DeFi disaster
Permissionless finance
This is not the first time a hotly anticipated DeFi project has been tinkered with by a community member.
At the height of 2020’s DeFi summer, anonymous user 0xc4ad decided to launch veteran decentralized exchange Curve Finance’s DAO contracts and governance token (CRV).
Read more: Curve Finance warns users after website and X account hacks
Although such examples of DeFi’s “permissionless” nature don’t necessarily cause harm, multisig signers being “unfamiliar” with how transactions are executed has led to doubts about the team’s ability to “reshape the future of finance.”
Got a tip? Send us an email securely via Protos Leaks. For more informed news, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.