Metaversal is a Bankless newsletter for weekly level-ups on NFTs, virtual worlds, & more!

Subscribe now

Dear Bankless Nation,

Visualize Value, consisting of talents like Jack Butcher and jalil.eth, is the team behind the Checks and Opepens collections. 

VV’s projects have wowed the NFT ecosystem this year, so the launch of their latest Infinity collection this week captured a lot of attention. 

The underlying mechanism is unprecedented and sure to inspire many projects to come. Unfortunately, an attacker just exploited the mechanism’s first implementation for nearly 40 ETH. 

For today’s post, let’s walk you through the Infinity collection’s basics, its exploit, and why its design is definitely here to stay regardless of the attack! 

-WMP

🦊 Thanks to MetaMask Portfolio 🦊

👉 Your web3 assets in one place, and much more ✨

To Infinity and Beyond, Visualize Value Style 🌌

The Infinity collection 101

Introduced by jalil.eth on August 7th, 2023, the Infinity collection is an experimental cryptoart project designed to facilitate the creation of “infinite editions” with an “infinite supply of each piece.”

Unlike traditional limited-edition NFT drops, where one piece of work is made mintable a specific number of times, the Infinity collection has employed an uncapped supply mechanism, so countless variations are technically possible, plus each of these variations can be minted infinitely. 

Non-tradable and fully onchain in being created and completely stored on Ethereum, the pieces cost a fixed 0.008 ETH price to mint. Mint payments were deposited into the Infinity collection’s smart contract, which bears a refund option: burn your piece to redeem your underlying 0.008 ETH at any time, the goal being to make ownership risk-free beyond gas costs. 

The big idea here? 

With no fees, non-tradability, and the possibility of refunds at any time, the Infinity collection was created to explore art appreciation shorn of financial incentives, and all powered on Ethereum. 

Go deeper: Learning Solidity? Check out these helpful Infinity collection smart contract overviews by marka.eth and onion 🧠

🚨 Bankless Airdrop Hunter coming soon! 🚨

Become a Bankless Citizen for Access

The Infinity exploit

Today, August 10th, jalil.eth sounded the alarm after an attacker discovered a flaw in the Infinity collection smart contract and used it to drain the nearly 40 ETH stored within. 

These funds were supposed to be earmarked for minter refunds per the refund mechanism described in the previous section. In the wake of the attack, jalil.eth and software engineer cygaar published threads separately breaking down the exploit of this mechanism. 

Per these debriefs, we now know the attacker specifically took advantage of a loophole inside the contract’s “regenerateMany” function, which was intended to allow users to change the visuals of their tokens. The exploit process was as follows:

In response to the attack, jalil.eth has temporarily shuttered the Infinity collection’s website (previously available at infinity.vv.xyz) and Visualize Value announced full refunds for all affected depositors. 

Why Infinity mints are here to stay

To be sure, this incident serves as a reminder that rigorous testing and careful code review is always a good thing. Yet on the flip side, the Infinity exploit almost didn’t happen. 

“In an earlier test contract on the Goerli test network, this bug did not exist since I checked the length of the inputs are the same,” jalil.eth noted in his initial post-hack thoughts. 

This checking function was cut later to save on gas costs, hence the mainnet exploit. That said, the flaw is now understood by the creator and the community, so it’s no stretch to assume the Infinity collection and other inspired projects will rise with updated implementations. In the very least, it’s totally possible. 

Down for now but not out, right. The collection’s original announcement noted plans for new features and compatibility across multiple Ethereum Virtual Machine (EVM) chains, so rebooting the project would allow Visualize Value to follow through on its expansion plans. 

Yet it’s not just VV and an official Infinity collection reboot that’s of interest here. This “infinity edition” format is a new style altogether in the NFT ecosystem, and it points to new design spaces regardless of what VV does next here. 

What I’m getting at is how others can expand on the model!

For example, consider how an artist could add something like a 5% mint tax to an infinity-style mint, so they could keep a portion of the proceeds and minters could still get refunded with 95% of their underlying deposit later. Boom! New monetization model for creatives. 

There are other instances you can imagine here, like an infinity-mint system employed in a web3 game as refundable deposits players use to access a rare dungeon, and so on and so forth. 

My grand point, then, to close things out? There’s no going back. We’re now poised to see many more “infinity edition” experiments in the years ahead, and it’ll be interesting to track all that’s to come here accordingly!

Action steps

A Bankless Citizen ⚑ turned $264 into $6,077 last year. A 22x ROI 🚀 in a bear market!

Level up

🙏 Together with 🦊 MetaMask Portfolio 🦊

The web3 ecosystem is an expansive world, full of endless opportunities for those curious enough to explore them! Head over to MetaMask Portfolio to get started, where you can view your assets in one place and discover other features such as Buy, Swap, Bridge, and Stake.

Not financial or tax advice. This newsletter is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. This newsletter is not tax advice. Talk to your accountant. Do your own research.

Disclosure. From time-to-time I may add links in this newsletter to products I use. I may receive commission if you make a purchase through one of these links. Additionally, the Bankless writers hold crypto assets. See our investment disclosures here.