NFT Developer foobar has called attention to a Bored Ape Yacht Club smart contract function that would allow a single, non-multi-sig, wallet to mint an unlimited number of new Apes.
There is a single private key out there that can mint an infinite number of new OG @BoredApeYC at any time.
If the token contract owner (a personal wallet, not a multisig) gets hacked or phished, you might see thousands of new bored apes minted and dumped onto the market pic.twitter.com/CLZGaDz1Yx
— foobar (@0xfoobar) June 5, 2022
The contract allows the wallet to mint 30 Bored Apes NFT at a go, and there is no limit set on the number of mints. The wallet can continue minting Bored Apes infinitely as long as it can pay the gas fees.
Bored Ape refuses to act for over a year
The issue has been brought up before, but BAYC has yet to take action.
Hey thanks, we were just talking about this. Obviously, we’re never going to call that function again and we’re planning on revoking ownership in the next day or two.
— Bored Ape Yacht Club (@BoredApeYC) June 2, 2021
In 2021, NonFungibles founder Dan Kelly inquired about BAYC’s plan for the function. BAYC said that it would revoke the access soon, but nothing has changed more than a year later.
Crypto community reacts
Members of the crypto community have been reacting to the news that new Bored Apes could be minted.
the externally owned single-signer account that has the authority to mint arbitrarily more apes, 0xaBA7161A7fb69c88e16ED9f455CE62B791EE4D03, is still active. the last transaction was 16 hours ago
— suzuha ⚡? (@dystopiabreaker) February 3, 2022
One user pointed out that the wallet was still active as of February 3, 2022, revealing that the wallet can “arbitrarily change the metadata associated with each existing ape.”
Another community member used the opportunity to troll Yuga Labs, the parent company of the collection, saying they would handle the issue “the same way they take good care of their discord.”
Bored Ape’s Discord channel was breached recently, leading to the loss of millions in NFTs.
Worry not, daddy yuga will take good care of the key, just like they take good care of their discord ?
— ?.Clarke ⚛️?? (@LuizClarke) June 5, 2022
Meanwhile, Bored Apes isn’t the only NFT project with this function. A software engineer, Ethan Hunsaker, pointed to a similar function in Doodles smart contract.
What is the effect of this?
Most of the concerns about the contract functions come from what could happen if the wallet is hacked. Since one of the selling points of Bored Apes NFTs is the scarcity, the possibility of creating unlimited newer NFTs could affect their value.
The CEO and founder of Chainfrog, Keir Finlow-Bates, recently wrote that the creation of new Apes might drive the value down, but it is not a certainty. He added that new Apes could potentially become more valuable than the originals.
Source: https://cryptoslate.com/bayc-smart-contract-function-allows-unlimited-minting-of-new-apes-by-single-wallet/