brypto

Yesterday my Airdrop was stolen by a MEV bot.

This is because Tokentable responsible for WayFinder airdrop claim contract, configured it badly. I think they just vibecoded the SC.

In the smart contract the recipient for the airdrop was not pre configured in the merkle proofs. there was no check on msg sender within the merkle proof verification.

The "yoink" mev searcher quickly reacted exploiting this vulnerability frontrunning any slow claim. They claimed airdrops worth of $200k+, including my ~$2k allocation.

Fortunately today tokentable reimbursed everyone including myself with initial airdrop allocation + 300$ compensation. 

Nice. But how to avoid such mev attacks in future?

- Use private mempools like the one from flashbots

- Use Alternative RPCs: MEVBlocker or Meow RPC provide MEV protection by routing transactions through private channels. install here: https://cow.fi/mev-blocker

oh okay nobody care, too long of a post I guess