In light of the recent situation, a lot of people have voiced their concerns over the possibility of a second/further exploits on the contract/gnosis proxy. For those unaware of what went down, here’s a brief recap:

4 unverified contracts were created by this address: https://etherscan.io/address/0x2D92B25AB1a7461802b0758924e8634e6D5d16f9

0x3fb217e3b434e716cb80f4982ce83a88f584683a 0xda04e6b3e28f1673a208e15650de5e5878ccfeb7 0x4b606d9920899788b70f3bde109f1bc95841b4e2 0x965f917b8e6474d7d3f428f6e8a19a033a308f02

The exploiter then executed the following tx: https://etherscan.io/tx/0x191d7e493aa0ea69793a066e115c30f4631e72d6620250f56e075022c6357f45

The exploiter then proceeded drain a portion of liquidity that was contained in a gnosis proxy using Uniswap that was allocated for mainnet SRA20 SERA tokens.

The exploiter used void.cash to deposit 0.1 eth and withdraw to the address the pulled LP from, this angel wallet (https://etherscan.io/address/0x71ed5f627371896ef5fa0cb490f17b9e75550c1f) was funded by stealthex.io. We were in talks with them to get the funds frozen, however we noticed the exploiter shifted funds from the wallet to a fresh one and proceeded to send a 2 ether transaction to FixedFloat hot wallet. We immediately contacted FixedFloat.com, and they were able to freeze and recover the subsequent transactions that took place: 5 Ether: https://etherscan.io/tx/0x16d399a2dd768f08355a2bb99f8dc7b2755607f4ccaccc4ff3d37607200f6d1c 8 Ether: https://etherscan.io/tx/0xc9a849de47b87d704a135200231ef183688b3ea001be3b7fbdf572d769b06c2e 7 Ether: https://etherscan.io/tx/0xfeb10c5a8a883621f6d84697ed24122b8ba86c4d6d4b793dac51869b704cd5fe

Fixed Float

Thanks to the swift intervention by the Fixedfloat.com team, they then recovered these funds and sent them to our new deployer wallet after we provided them with ample information regarding the situation. We have also shifted all the Ether that was in the old seraphdeployer.eth wallet.

All good? Well, not entirely.

The old deployer wallet is still compromised, and as the contract is renounced we are unable to change the Fee & Auto-LP Recipient and for this reason it is still open to potential exploits in the future. We deliberated over this internally and have come up with a solution that we feel should amend these issues.

We have taken a snapshot of all current holders at the time of when it had occurred and we have devised an action plan in order to compensate holders proportionate according to their exact losses. Myself and Verdant have decided to pool together 150,000 DAI as a compensation plan for anyone who was affected by the negative price action this exploit caused.