Discover more from tactical_retreat’s stuff
Non Fungible Token (botting)
En Eff Teeeez
In late June, I was on vacation taking advantage of my highly illegal proceeds from Crabada botting.
Unfortunately, this happened to be the day that Joepegs launched #freemintmondays. A bunch of friends were listening and they all managed to grab Smol Joes. After seeing those balloon up to 400 Avax and hearing that these free mints would be a regular thing, I started looking into writing an NFT minting bot.
I didn’t know much about NFTs or minting them. I’ve mostly only lost money buying random garbage on Avalanche, and occasionally on Ethereum. Lets never mention Ragnarok Meta again.
But I do know some stuff about interacting with smart contracts, and free mints are a pretty low risk investment. I was on vacation for most of the week, but I managed to slap together a really shitty NFT minting bot before the following Monday.
Normally on Mondays I’m hard at work slaving away at McDonalds, but I took a quick break to try and wrap up my bot and set up for the mint. The first mint of the day was Satoverse, and I unfortunately wasn’t prepared for it, making final adjustments to the bot (because I procrastinated). The second mint was Smol Lands, and I kicked off my bot… and all three mints failed.
It’s a testament to how under the radar these mints were at the time that I managed to tab over to Snowtrace and still manually mint one from contract in time.
Gathering the gang
After fixing that glitch I had a pretty functional bot. I could have just split Avax into 100 accounts and kept botting on my own, but it’s more fun to get your bros and fembros in on the action.
If you’ve read my previous pieces you might be aware that it was relatively easy to get a bunch of people to give me their private keys so I could make money for them. And once again, I put out the call for my friends at Cynical Hate DAO to make a few accounts and stash some Avax in them, and suddenly I’m botting on behalf of 20 people with about 40 accounts.
Also once again, I asked for a small cut (20% of any profit) but put zero effort into enforcing any payments, and people still seem to pay up.
In my last adventure, I had people run their own bots on their own hardware. For this one, I’ve just been running everything on behalf of everyone. It’s way too nitpicky to set things up for minting. Every mint is its own little adventure of mint method name, arguments, payability, and mintability trigger. No way the most redacted people I’ve ever met would be able to reliably get that right.
On the warpath
I wasn’t really paying attention to the free mint season on Eth, but I guess something similar to that (except infinitely poorer) started happening on Avalanche. Free mints started popping up left and right. We’re all retweeting and liking these stupid shits to try to get whitelisted and make some easy money.
But regardless, most things weren’t minting out from whitelist. And then that’s when the evil bots swoop in and take over. I probably minted 1-2 things every day for the first couple of weeks. At that time I was still writing custom scripts for each mint, lets take a little look at the archive.
After a while I finished some more generic minting bits and bobs and just started swapping out contract and other parameters in a template, so this is a pretty incomplete list. I haven’t kept the best accounting.
I wrote a script to tally up the mints and it seems like we succeeded in about 47 of them, although that’s a pretty rough score; some of them were WL-only and I don’t care to figure it out. I probably failed to mint at another 15-25 of them.
Not that every mint was a winner. We developed some pretty objective metrics about what was ‘good art’.
Failure to mint
I’m not ashamed to admit that I’ve fucked up quite a few mints. Here are some fun anecdotes about that.
People are always fucking up their contracts. One time someone set up their contract incorrectly and I accidentally minted it out before they even announced it. They ended up nulling out the metadata, relaunching the contract later on and I didn’t notice.
Terrible use of contracts
A surprising number of people rely on the countdown in Campfire and leave the contract open to minting. Just the other day I set up a minter waiting for the ‘set public mint live’ event to trigger… and it never did. They had set the mint live from the start.
Bad at my job
Lots of mints, particularly the ones that just seem worthless, I’ve half-assed and fucked up. Mistype’d a function name, incorrectly understood the ‘live’ logic, etc.
By popular demand I tried to mint The Saudis on Eth. Let me tell you, the contracts people are using on Avalanche are like baby’s first contract. The ones on Eth are insanely more sophisticated. I completely misunderstood how that mint worked and never even sent a mint TX.
Botted so hard I ruined the collection
For some reason, some people insist on making small collections with multiple mints per wallet in the same tx. A couple of times I’ve literally minted out 80%-100% of the collection. Sometimes the collection owner takes this a bit personally.
I don’t feel that bad about this guy though; he copied some art from a mint on Solana and pixelated it.
OK these are just embarrassing
A couple of times I fell asleep without starting the minter.
My kid has shut my laptop off while I was busy doing something else.
I’ve made a lot of stupid mistakes. Moving on.
Things start getting real
It doesn’t take a genius to figure out that bots are starting to participate in mints when the mint finishes before you can even click on the mint button.
Threads of people complaining about the bot problem start popping up all over Twitter. The investigative journalism begins.
A couple of different people started investigating suspicious mints, and these posts were always fun to read. It was strange to see some mints that I botted declared ‘clean’ and others ‘dirty’. I wasn’t doing anything particularly evasive. Maybe it was the presence of more suspicious botters that made the difference?
Possibly the fact that I’m botting on behalf of a a bunch of different people is the key difference. Certainly less obvious than a single account funding 30 different addresses and then funneling the proceeds back.
After reading some of the techniques they used to identify botters I did make a few technical adjustments to make things more annoying for them, for my own personal amusement.
The anti-bot wars begin
OK this title is probably a bit hyperbolic. But it was fun to write.
To a technical person, the right solution for an issue like this is a technical safeguard. I saw a few attempts pop up here and there, the most sophisticated of which was Campfire’s signature minting.
Kudos to Campfire; they did an excellent job implementing this. I didn’t find any problems with their implementation, and I couldn’t think of anything they could really do better to stop bots.
And honestly, this actually stopped me the first time I tried to mint one. Have I mentioned that I’ve half-assed a few things? Well testing is one of those things.
After that failure I did some better testing and I felt good about succeeding the next time. I was so annoyed they didn’t use this tech for more mints. I really wanted to try my anti-anti-bot to see if I could beat their anti-bot. It ended up taking a long time to get that sweet sweet minty revenge.
I’m a bad uncle.
Sexy bot-on-bot action
A few times I noticed my bot failing to mint for no good reason. After each time I unexpectedly fail I do a little post-mortem on the minting transactions to see why, and it became obvious that I was starting to see more competition from other botters.
There’s not much motivation to improve things when you’re winning, but when you’re losing you find improvements pretty quickly. I went through a couple of cycles of getting annoyed at failing, and upgrading my bot. The most annoying of these failures was the Smol Apa mint.
Some OTHER jerk botter swooped in and beat my bot and I got zero Apas =(
This was the motivation that led to my most recent round of upgrades. Since I implemented those upgrades, I can basically win any mint I chose to, with the caveat that I don’t have a validator. Without a validator I have to guess at the right gas settings. Set them too high and you waste money on the mint. Set them too low, and someone beats you.
The free mint season seems to be coming to a close, and with it, the easy profits from botting avax mints.
I still have a bunch of my friends’ wallets and they’ve taken to submitting those addresses to whitelists and whatnot so I can mint on their behalf and they don’t even have to press buttons. If they want to be opted into a paid mint, I can make sure they get it.
Meanwhile, my redacted friends have moved on to aping into stupid dog chain tokens.
Up next will be my technical article on the art of botting NFTs.