On October 12, security analysts X-Explore published a report in which they described “an attack” on the XEN Contract and an alleged theft of ETH to pay for gas fees. The report comes after the launch of XEN on Ethereum and BSC, where it is now ranked as the biggest gas guzzler, making Ethereum deflationary since Merge, and where over 3 million new addresses have been created in record time on both chains. 6.5 million new addresses have been created for the XEN claim rank transactions on all five chains where the XEN Crypto contract has been deployed.
About the attack
X-Explore writes that the attack started on October 10 when an FTX user used the exchange’s subsidy system on gas withdrawals to pay for his XEN claim rank transactions. It’s not clear if it was an attack, a legitimate user using his economic power within the limits set by the exchange, or the exchange itself using its own gas to mint XEN tokens.
FTX has not issued a statement to dispel the news of an exploit, and XEN minting by the user is ongoing, which calls into question the report’s hypothesis of “stolen gas.” At the time of the report, it’s been calculated that more than 100,000,000 XEN tokens with a value of $70,000 have been minted using FTX’s gas subsidy system, for an overall cost of $120,000. The tokens have been exchanged for 61 ETH through decentralized exchanges like Dodoex, Uniswap, and others, and the proceeds were returned to FTX or went to Binance.
FTX users can use up to 500,000 gas for withdrawals, while the default gas price for ETH transfers is 21,000. FTX users are allowed 1000 withdrawals per day if they’re staking 1,000,000 FTT. From the analysis of on-chain transactions, it appears that the user was able to perform more transactions than the daily limit covered by the exchange’s subsidy. After 4 days, XEN minting from that address is ongoing. It’s unclear why the exchange would allow “the attacker” to exploit their system without stopping it. One hypothesis is that it could be the exchange itself that mints free XEN.
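An exchange can check its own withdrawal records for this pattern. The sketch below is an added example, not code from the report or from FTX: it uses the 21,000 gas and 1,000-per-day figures quoted above, while the record layout, the account names, the tolerance and the sample values are constructed for illustration.

```python
from collections import defaultdict

# Figures quoted in the article
PLAIN_TRANSFER_GAS = 21_000
DAILY_WITHDRAWAL_LIMIT = 1_000
GWEI = 10**9

# Constructed sample records: (account, day, gas_used, gas_price_gwei)
SAMPLE_WITHDRAWALS = [
    ("acct-A", "day-1", 21_000, 20),   # plain transfer
    ("acct-B", "day-1", 480_000, 20),  # recipient ran code on subsidised gas
    ("acct-B", "day-1", 495_000, 25),
    ("acct-C", "day-2", 23_300, 18),   # small overhead, within tolerance
]

def audit_withdrawals(records, tolerance_gas=5_000):
    """Per account: withdrawals that burned more gas than a plain transfer,
    plus the accounts that exceeded the daily withdrawal limit."""
    flagged = defaultdict(lambda: {"count": 0, "excess_gas": 0, "excess_wei": 0})
    per_day = defaultdict(int)
    for account, day, gas_used, gas_price_gwei in records:
        per_day[(account, day)] += 1
        excess = gas_used - PLAIN_TRANSFER_GAS
        if excess > tolerance_gas:
            entry = flagged[account]
            entry["count"] += 1
            entry["excess_gas"] += excess
            # Integer wei avoids rounding when the subsidy cost is summed
            entry["excess_wei"] += excess * gas_price_gwei * GWEI
    over_limit = sorted(
        {acct for (acct, _), n in per_day.items() if n > DAILY_WITHDRAWAL_LIMIT}
    )
    return dict(flagged), over_limit

if __name__ == "__main__":
    flagged, over_limit = audit_withdrawals(SAMPLE_WITHDRAWALS)
    for account, entry in flagged.items():
        print(account, entry["count"], "withdrawals,",
              entry["excess_wei"] / 10**18, "ETH of subsidised excess gas")
    print("over daily limit:", over_limit)
```

Capping the gas limit of a subsidised withdrawal near the plain-transfer figure, or billing the excess to the account, removes the incentive this audit measures.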
The contract created by the minter set XEN’s mint term to 1 day only. This means that after one day of minting, the XEN tokens are claimed and then swapped, mainly for USDC.
Another report from the same analyst says that XEN is being Sybil-attacked and “the project is now suffering and will continuously suffer from the tremendous loss because of the Sybil attacks. (…) On October 12, around 80% of participating addresses were Sybil addresses,” states the report. A Sybil attack is when one person or group creates multiple identities on a P2P network in order to undermine the authority or power that is already in place.
XEN is a token following the first principles of crypto like self-custody, trustless consensus, and decentralization. It aims to empower individuals to generate, store, and use their economic energy without mediators. The contract is audited, immutable, open source, and has no admin keys. There was no pre-mint or allocation to anyone. At launch, the supply was zero, and it’s being brought into existence by people interacting with the smart contract and minting XEN. The project was released by Jack Levin, although, at this time, he has no more influence on the project than any one of us.
The formula is the solution
The FTX incident allowing someone to mint 100,000,000 XEN is not an inflation bug, as some were arguing on Twitter. It isn’t an attack on XEN or its users. The Sybil attack is also something that does not put pressure on the protocol or its users. The XEN Crypto smart contract has a built-in mathematical formula that takes into account both inflation and the Sybil attack, turning them into a feature rather than a flaw. The formula that Jack Levin came up with is logarithmic. At first, it causes a lot of inflation, but as time goes on, it causes disinflation.
The general XEN minting formula is:
Ru = log2(cRg − cRu) * T * AMP(ts0) * (1 + EAA(cRu))
AMP – reward amplifier
cRg – global cRank
cRu – your rank
T – mint term days
EAA(cRu) = 0.1 − 0.001 * [cRu / 100,000]
Starting from zero, the supply of XEN needs to be brought into existence by the minters claiming their ranks and choosing the time range they’re willing to wait to receive their tokens. Being early gives more tokens because of the amplifier; however, AMP decreases every day, just as the Early Adoption Amplifier (EAA) decreases with every 100,000 addresses. A longer time frame positively influences the number of minted tokens because more people can join the network before your mint is finished. The more people claim their rank, the higher the token rewards.
Moreover, there’s also a staking APY that starts at 20% and decreases to a flat 2%. The minting never ends, but the logarithmic formula creates a natural cap on the quantity of new tokens being created. The minting difficulty increases, and after 3000 it will be possible to mint around 10–30 XEN per day.
Right now, inflation can be very high, and the more users claim their rank, the more XEN is minted. The inflation bug would occur if the logarithmic formula stopped working, but it keeps working as designed instead. As the Global Rank goes up and the mint term goes on for longer, the difficulty will make it harder to get XEN every day.
Bots ain't a flaw
Another important factor in minting rewards is the number of people between you and the end of your term. More people who claim their ranks before the end of your mint term will earn you more rewards.
It is a known fact that people use all kinds of bots to mint XEN. It was expected and couldn’t be prevented because bots bypass captcha and connect directly to the protocol. The captcha would only harm the real users and not the bots. A captcha on the web interface would limit users to one account, while bots would still be able to connect directly to the contract and mint as much XEN as they wanted under the hood. When creating XEN Crypto, Jack Levin wanted to make things fair for its users and decided to give everyone the possibility to mint XEN by creating multiple accounts and bots without any restriction.
This is in line with the first principles of crypto and permissionless systems. In XEN, everyone has the power to Sybil attack others by creating multiple accounts. That’s why it’s difficult to describe it as an attack. It is possible to assert that each man or woman has the ability to spawn his or her own economic energy at as many addresses as he or she wishes. After reaching their maximum personal entropy, people have an incentive to consolidate their energy into one or a few accounts. This happens because of XEN’s staking method, which gives more rewards for larger stakes and longer staking periods. In other words, minting for rewards maximization is better with as many addresses as possible, while one or a few accounts are better for staking.
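The minting formula and the effect of extra addresses can be worked through numerically. The following is an added example, not the XEN contract's code: it reads the brackets in the EAA formula as integer division, floors EAA at zero, takes AMP as a caller-supplied number, and assumes every address claims once the global rank has reached its final value; the ranks and the AMP of 100 are constructed inputs.

```python
import math

def eaa(c_rank_user):
    """EAA(cRu) = 0.1 - 0.001 * [cRu / 100,000].
    Assumptions: brackets mean integer division; EAA never drops below 0."""
    return max(0, 100 - c_rank_user // 100_000) / 1000

def mint_reward(c_rank_global, c_rank_user, term_days, amp):
    """Ru = log2(cRg - cRu) * T * AMP * (1 + EAA(cRu)); amp comes from the caller."""
    delta = c_rank_global - c_rank_user
    if delta < 1:
        raise ValueError("global rank must be above the user's rank")
    return math.log2(delta) * term_days * amp * (1 + eaa(c_rank_user))

def sybil_scenario(honest_rank, sybil_count, others_after, term_days, amp):
    """One honest minter, then sybil_count addresses run by one operator,
    then others_after further minters. Returns (honest, operator_total)."""
    global_rank = honest_rank + sybil_count + others_after
    honest = mint_reward(global_rank, honest_rank, term_days, amp)
    operator_total = sum(
        mint_reward(global_rank, honest_rank + i, term_days, amp)
        for i in range(1, sybil_count + 1)
    )
    return honest, operator_total

if __name__ == "__main__":
    # Constructed inputs: rank 1,000,000, 1-day term, AMP 100, 24 later minters
    quiet, _ = sybil_scenario(1_000_000, 0, 24, 1, 100)
    busy, operator = sybil_scenario(1_000_000, 1_000, 24, 1, 100)
    print(f"honest minter, no bots behind:    {quiet:10.1f} XEN")
    print(f"honest minter, 1,000 bots behind: {busy:10.1f} XEN")
    print(f"bot operator, 1,000 addresses:    {operator:10.1f} XEN")
```

With these inputs the honest minter's reward roughly doubles when 1,000 addresses join behind it, while the operator's total grows almost in proportion to the number of addresses, which is the asymmetry the staking incentive described above is meant to balance.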
Divienb, a XEN community member, created this document to demonstrate how bots help users earn more rewards and to explain why this is happening.
In an open and permissionless system like the blockchain, it is impossible to deter people from creating multiple accounts. XEN embraces this, turning it into a feature rather than a flaw. The bots distribute inflation to everyone else. With the right strategy, people can benefit from this. More solutions are being created to facilitate batch transactions, and a new generation of wallets will come to the market. Eventually the world will evolve and adapt.