Agora rewards contract got sybiled today. ~2.3M $AGORA drained through our API endpoint — attacker rotated FIDs and batched claims through ERC-4337 bundlers.
The contract itself held up fine (signature verification, nonce replay protection all worked). The vulnerability was in our server-side ticket signing — no auth, no action verification, in-memory rate limits that don't survive serverless cold starts.
Pool is paused. We're deploying a V2 contract with on-chain per-wallet caps, epoch-based daily limits, cooldowns, and FID binding in the signature. API side gets Farcaster proof verification and persistent rate limiting via KV.
Lesson learned: never trust the server layer to be the only line of defense when the contract is the actual gate. If it's not enforced on-chain, it's not enforced.
V2 soon.
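Added example (not the Agora code, V1 or V2): a sketch of what "if it's not enforced on-chain, it's not enforced" looks like for the V2 design described above. It is a minimal claim contract where the ticket signer's signature covers the chain id, contract address, recipient, FID, amount, nonce and deadline, and where the per-wallet cap, a per-wallet daily (epoch) limit, a cooldown and FID-to-wallet binding are all checked in the contract, so a forged or over-issued server ticket cannot exceed them. Contract and variable names, the constructor parameters, the choice of a per-wallet epoch limit (the post does not say whether the daily limit is per wallet or global) and the EIP-191 personal-sign digest via OpenZeppelin v5 `ECDSA`/`MessageHashUtils` are all my assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Example only: assumes OpenZeppelin Contracts v5 is installed.
import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import {MessageHashUtils} from "@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";

/// @notice Hypothetical claim contract: every limit the API used to enforce
///         in memory is enforced here, so the API is no longer the gate.
contract RewardsClaimV2 {
    using ECDSA for bytes32;
    using MessageHashUtils for bytes32;

    uint256 public constant EPOCH = 1 days;

    IERC20  public immutable token;
    address public immutable ticketSigner;  // key used by the server-side signer
    uint256 public immutable perWalletCap;  // lifetime cap per wallet (assumption)
    uint256 public immutable epochLimit;    // per-wallet limit per EPOCH (assumption)
    uint256 public immutable cooldown;      // seconds between claims by one wallet

    mapping(address => uint256) public claimedByWallet;
    mapping(address => mapping(uint256 => uint256)) public claimedInEpoch; // wallet => epoch => amount
    mapping(address => uint256) public lastClaimAt;
    mapping(uint256 => address) public fidToWallet;   // FID is bound to the first wallet that claims with it
    mapping(bytes32 => bool)    public usedNonce;     // ticket replay protection

    event Claimed(address indexed wallet, uint256 indexed fid, uint256 amount, uint256 epoch);

    constructor(IERC20 _token, address _signer, uint256 _perWalletCap, uint256 _epochLimit, uint256 _cooldown) {
        token = _token;
        ticketSigner = _signer;
        perWalletCap = _perWalletCap;
        epochLimit = _epochLimit;
        cooldown = _cooldown;
    }

    function currentEpoch() public view returns (uint256) {
        return block.timestamp / EPOCH;
    }

    /// @param fid      Farcaster id the server verified a proof for; part of the signed digest
    /// @param nonce    unique per ticket; consumed on use
    /// @param deadline unix time after which the ticket is worthless
    function claim(uint256 fid, uint256 amount, bytes32 nonce, uint256 deadline, bytes calldata sig) external {
        require(block.timestamp <= deadline, "ticket expired");
        require(!usedNonce[nonce], "nonce already used");

        // The signature binds chain, contract, recipient, FID, amount, nonce and deadline.
        // A ticket issued for one wallet/FID cannot be replayed by another wallet,
        // on another chain, or against another deployment.
        bytes32 digest = keccak256(
            abi.encode(block.chainid, address(this), msg.sender, fid, amount, nonce, deadline)
        ).toEthSignedMessageHash();
        require(digest.recover(sig) == ticketSigner, "bad ticket signature");

        // FID binding: one FID maps to one wallet forever (rotating FIDs across wallets
        // still costs a fresh FID each time, and each FID is capped below).
        address bound = fidToWallet[fid];
        if (bound == address(0)) {
            fidToWallet[fid] = msg.sender;
        } else {
            require(bound == msg.sender, "fid bound to another wallet");
        }

        // Limits enforced on-chain regardless of what the server signed.
        uint256 epoch = currentEpoch();
        require(claimedByWallet[msg.sender] + amount <= perWalletCap, "per-wallet cap");
        require(claimedInEpoch[msg.sender][epoch] + amount <= epochLimit, "epoch limit");
        require(block.timestamp >= lastClaimAt[msg.sender] + cooldown, "cooldown active");

        // Effects before interaction (checks-effects-interactions).
        usedNonce[nonce] = true;
        claimedByWallet[msg.sender] += amount;
        claimedInEpoch[msg.sender][epoch] += amount;
        lastClaimAt[msg.sender] = block.timestamp;

        require(token.transfer(msg.sender, amount), "transfer failed");
        emit Claimed(msg.sender, fid, amount, epoch);
    }
}
```

Two things worth noting about this shape. Because the limits key on `msg.sender` and on the FID inside the signed digest, batching claims through an ERC-4337 bundler changes nothing: each UserOperation still arrives as one sender, hits the same counters and the same cooldown, and cannot reuse a nonce. And even if the API's rate limiter resets on a cold start or is bypassed entirely, the worst a mass-signed batch of tickets can do is what the caps allow.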