On April 15th, the condition we were worried about has happened; the hacker account moved 600,000 BNKY to another account and traded 10,000 BNKY on the BNB/BNKY pair. I was lucky to find this 11 minutes after these two transactions, and I finally decided to hard-fork BNKY to a new token and notified this decision in the telegram group. My reason is as follows:
- I used to believe in “code is law” and choose to live with hackers because I think hackers do not care too much about money, only care about showing off their superb ability. It turns out I am wrong; I learned from Jackie’s lesson that if you give others the ability to do evil anonymously, they almost certainly will do it.
- The second reason is simple, and these 23 BNBs are my final stake; if I lose them, this project will die instantly.
The un-successful BNKY V1 token release has taught us many lessons; therefore, we need to consider these factors for the hard-fork BNKY V2 token:
- openzepelin’s checklist. To be frank, if I have the chance to look at this article before I release the BNKY token, I will choose not to have the token because, basically, the Bonkey dAPP does not need a token to be functional. However, since we already have some investors, terminating a token would harm their profit. Thus, I will do the V2 hard-fork simply for investors to have a chance to claim their funds back.
- Initial token distribution, lots of people complained that our token distribution is too much concentrated. There are multiple ways to distribute the token out, for example, the IDO or IFO. We have applied for both and got no luck. Since I have withdrawn liquidity from pool with transaction1 (1,449,968.47)and transaction2 (229,105.57) and Michael’s initial share is 20%, the snapshot of BNKY V2 will transfer ((1,449,968.47 + 229,105.57) * 1.2 = 2014887.6) to my account, then transfer from this account 335,814.8 to Michael’s account. I will put all my BNKY back to the liquidity pool. In the future, the only source of newly minted BNKY tokens will be from MasterChef.
- Time lock, I conducted some research on articles , , but I feel like these solutions are a little bit too hard to implement. Also, they will introduce two more problems 1) increased gas consumption 2) possible bugs in the BEP20 code. Therefore, my solution is not to include timelock in the implementation but to introduce two code features: 1) BNKY BEP20 contract will be upgradable. Whenever we want to include the time lock function, we can upgrade our contract to enable it 2) we have governance in our code, so important decisions will be made by voting instead of one person.
- Mint and burn, the V1 Bonkey does not support mint or burn; in the V2 version, we will integrate the mint and burn function in the same way as pancakes were.
- Existing liquidity pools / staking / farms. This is the biggest challenge for us, because we can not snapshot these contracts. The only way to handle this issue is to post an notice to let these liquidity pool owners to withdraw their fund, and report to us about the BNKY amount, so we can manually offset the difference. However, since this action is done at the different time of snapshot, there will be accuracy loss.
The new Bonkey BEP20 token code is at https://github.com/Bonkey-Team/Bonkey-core/pull/44/files for audit, and the deployed contract is at address: https://bscscan.com/token/0xAdc8e9B18b671DF686acCe0543F086293f2ef886 .
Note: We only migrate accounts with BNKY more than 50.
We also promised to award those who created profile in bonkey finance 300 BNKY, these addresses are: