CFRAC NFT — The Mint, The Art, and The Contract

Author(s): Y4000 (Y4000#2731)

Editor(s): zerohash (Tet#7609)

Updated: 14 Mar 2022


Montage of the first 48 NFTs from the CFRAC collection
Montage of the first 48 NFTs from the CFRAC collection

The Constitution Fractionalized generative art NFT collection (CFRAC) is the genesis NFT collection for Y4000 on the Ethereum blockchain. It was offered as a gift to the community borne out of the ConstitutionDAO. Active members of the PeopleDAO were on the front-lines of the drop.

The Mint

CFRAC opened for mint on on Tuesday March 1st 2022 and made for a thrilling week for the PeopleDAO community — mint closed a quick 3 days later on Friday March 4th setting the collection at 1028 total NFTs. The week leading up to the opening of mint, we ran a simple referrals based giveaways contest — at opening, the contract sent the 20 winners NFTs directly to their wallets. The mint process went as smooth as one could wish for — most in the community claimed their NFTs at no cost other than transaction gas fees; some collected extra mints at 0.05ETH per additional mint.

Here’s a huge congratulations to all the collectors who were able to mint. Going forward the only way to acquire the NFTs will be via purchases conducted on the secondary markets. The original plan was for a larger sized collection at 1776, but in a sort of poetic ending of the mint, the Constitution Fractionalized collection was itself left fractionalized. Two users discovered an exploit of the contract to gain extra free mints, when we saw what they had done we acted quickly to close the mint and burn the remaining un-minted art work. The hackers were able to mint a total of 17 NFTs for free (beyond what they were entitled to) — we identified them (via Discord and Twitter) and they cooperated to return 10 NFTs back to the PeopleDAO Treasury. 3 legitimate transactions got stuck in the crossfire of when we closed mint and failed, so we sent those 3 wallets an NFT each and the 7 remaining NFTs will be auctioned off by the PeopleDAO Treasury. More details about the exploit are explored below in “The Contract” section.

The Art

An NFT itself is simply a blockchain based certificate of authenticity to an owner’s one-of-a-kind piece of digital art. The goal of this generative art collection was for each NFT to feel truly one-of-a-kind — a unique piece of digital art, yet clearly a part of a larger collection. The inspiration and approach of the collection can be found in this earlier writeup:

The Pages

To start with, the collection is purposefully divisible by 4 (both 1776 and 1028 are) — the reason behind this is that the project sources from a copy of the Constitution made available by the National Archives, which is across 4 pages. The “disarray” algorithm is applied to each of the 4 pages in a different way. Page ones have the fractional tiles falling off from the bottom, page twos fall from the right, page threes from the left, and page fours from the top. So with a quick glance at the collection, you can clearly decipher the different pages from one another. As a result, a fun idea for collectors is to acquire a set of all 4 pages.

Application of the disarray algorithm to provide each page with its distinctive trait.
Application of the disarray algorithm to provide each page with its distinctive trait.

The Colors

A palette of 16 colors were chosen as possible background to contrast the ancient parchment on. To view the collection all together — the palette, I feel, just “works together” even though the spectrum is quite wide.

Color spectrum used.
Color spectrum used.

I could envision putting sets together in different combinations — monochrome, different shades, a series that holds personal, or simply a random combination.

Monochrome set example using CFRAC NFTs #7, #14, #36, and #65.
Monochrome set example using CFRAC NFTs #7, #14, #36, and #65.
Shades of blue set example using CFRAC NFTs #1, #74, #27, and #76.
Shades of blue set example using CFRAC NFTs #1, #74, #27, and #76.
Funky color set example using CFRAC NFTs #4, #18, #21, and #99.
Funky color set example using CFRAC NFTs #4, #18, #21, and #99.

The Tiles — sizes and density

The tiles vary in size for each NFT in the collection — the range is quite wide, but they are grouped together as: tiny, small, medium, and large for the traits filters. Given this breakdown and based on OpenSea filtering -- it seems small is actually more rare than tiny. Some of the tiles “fall off” the page — this is conveyed in the “density” attribute; the less dense, the more tiles that have fallen off... These attributes allow otherwise similar looking NFTs to each be unique in their own way — take for example the below page ones:

Example of Page Ones on the same Background, yet clearly unique — CFRAC NFTs #17, #53, and #133.
Example of Page Ones on the same Background, yet clearly unique — CFRAC NFTs #17, #53, and #133.

The Contract

The goal of the drop was to reward the ConstitutionDAO/PeopleDAO community. The strategy was of an equitable distribution for active participants. We capped the maximum any one wallet could mint to 8 to discourage hoarding. The technicals around validating wallets for the “free mint” logic can be found in this writeup. The first mint for the community was to be free and any additional mints were offered for 0.05ETH each. The logic to check if a wallet had already minted was simply to check the wallet’s NFT balance:

require(balanceOf(_msgSender()) + 1 <= MAX_FREE, 'MAX_FREE_REACHED');

The Exploit

The loophole around this logic would be to transfer the free NFT you just minted to a different wallet, which is what the hackers exploited, and go back and mint another one for free. In retrospect this logic could have been more durable. Luckily, we recognized the bad-faith activity relatively quickly, decided to close the mint and burn the rest of the art work in the collection. We acted quickly to preserve the value of the collection and not let bad faith actors get away with an outsized portion of the collection. The hackers were able to mint an extra 17 NFTs for free beyond what they were entitled to. We are thankful to the two hackers to have cooperated with us and returned 10 NFTs back to the treasury. In the end, they did the right thing, and we learned from the episode. The collection is more scarce than it was originally intended to be — overall the outcome is of a positive one. The correct logic would have been to use a mapping of wallets who have already minted for free, for example:

mapping (uint => bool) public mintedFree;
...
// check before allowing free mint
require(!mintedFree[msg.sender], 'MAX_FREE_REACHED');
...
// afer minting for free, record the wallet
mintedFree[msg.sender] = true;

Lessons were learned and we’re better prepared for the next drop! Also, if you’re doing nefarious activity on the blockchain, you tend to leave a lot of tracks which make it pretty easy to track you down. We tracked down the hackers’ wallets by simply cross-referencing their wallets with POAP distributions and ENS info on related wallets — we found them on Discord and Twitter in a matter of minutes.

Conclusion

Historically, artists have destroyed their work in every decade, every country, and every culture. In the 16th century, Michelangelo took a hammer to Christ’s left leg and arm in his marble Pietà. In 1908 Claude Monet took a knife to at least fifteen of his works. I personally have destroyed the code of generative art projects I got tired of working on. It is cathartic in a way — rejuvenates the mind to allow fresh creations. As heartbreaking as it was to burn the remaining 748 NFTs — it’s clear to me it was the right decision for the collection as a whole. Given the unique attributes of the art work and the story behind the drop — my hope is that collectors continue to acquire and enjoy from this historic collection for years to come!

5% of the funds generated at mint are allocated for a donation to the Smithsonian Institution. CFRACs can be acquired on the secondary markets, here is the OpenSea page for the collection:

Subscribe to PeopleDAO
Receive the latest updates directly to your inbox.
Verification
This entry has been permanently stored onchain and signed by its creator.