Pillheads // Summer Update #1

True to the nature of interacting with the web3 ecosystem, our concept of time has been decimated yet again. The past 6 weeks simultaneously feel like a year and a blur at once. Looking back has consistently overwhelmed me with how much has happened in such a short time.

We’ve got a lot to get into, but I would like to preface this with a huge shoutout to our team, and to our community. After our initial mint did not go very well, we all had some concerns about what’s next. None of us gave up, and nobody stopped coming up with creative solutions and ideas. Our level of determination, ethos, and patience were all tested, and I feel that we came out with our souls intact, and our commitment reinforced.

And to be perfectly clear, by “we,” and “us,” I mean both our team and our community. This has been an amazing trip with intense highs and lows, and I can confidently say that we have all arrived at a really good place, all things considered. Bear or bull, we are making it happen.

01 // Numbers

Let’s get into what happened by starting with a quick timeline and some stats.

Launched mint // June 16

Total mints June 4: 631/6655

Total holders June 4: 237

We went to mint and were not anywhere near happy with the outcome. See the article linked below for full details and how we approached things. This is a personal letter from CFW:


Refunds & Airdrops // July 9 & 10

All folks from previous mint received a 50% refund

All OG Pillheads received stacked airdrops

Please see above link to CFW’s personal letter for details. Along with our project manager Potadough (who is very active behind the scenes), we think it is very pertinent to note here that has observed our tradition of giving back to our holders, during a time when he is at a loss. While we were considering our next steps for mitigation and management, CFW was focused primarily on ensuring our ethos comes first.


Launched free mint // July 11

Total mints July 15: 6655/6655

Total holders July 15: 1,440+

As of today (July 15th), our volume is just north of 110 ETH, and we have 1440 holders and rising. While the floor does what the floor will do, our community has been absolutely amazing. Talk about “Up Only.” I have no accurate way of expressing how humbled and thankful we are for both our past and new members, and how impressed we are with the quality of engagement.

For those interested in seeing a holder/token breakdown, Etherscan has a great tool for this: Pillheads Token Holders

Some of the numbers we were seeing this week as our volume increased were also really fantastic. We ranked and trended visibly on Icy Tools, Opensea, and various other NFT trackers. In fact, on OS, we were ranking as high as 73rd among Ethereum projects on day of reveal.

73rd spot in Ethereum Rankings on Opensea

02 // Free Mint: What Happened?

We’ve gone over what happened during Free Mint on the 11th in Spaces, on Discord, and VC with various folks. We believe it’s important to lay all of this out clearly here, so that everybody can understand what went down during Free Mint Phases. We learned some big lessons, and hope that others can also benefit from learning about the chain of events that occurred.

The first thing to understand is that our contracts were not designed for a free mint scenario. They were designed with quite a few things in mind. Here are the major ones:

  • A 1st presale state for previous holders and Happylisted minters, at 0.1 eth.
  • A 2nd presale state for winners of a Public Raffle (via premint.xyz), at 0.11 eth.
  • A 3rd and final state for the public; all unminted tokens would be available to mint.
  • The implementation of a “Soulbound” mechanic until public sale
  • Gas optimization to a massive degree by using the erc720 standard
  • 1 txn per wallet (multiple tokens minted at once, once)

Read full article about this here:

All of these tenets were a product of our belief in a fair and equitable approach to minting, based on unfair outcomes we had perceived from a massive number of other NFT projects. We also wanted to stay innovative, and bake in some bleeding edge mechanics. Coupled with the market conditions, our attempts at trying to stay ahead of the curve prevented us from minting out.

As per the letter from CFW shared above, we decided to push on with a Free Mint.

At 10PM ET, July 11th we opened up Free Mint Phase 1. This phase was intended to allow Previous CFW Collection Holders the ability to mint, prior to releasing a full on public mint phase. To ensure that past holders that had already minted during 1st presale in the previous mint could still mint (remember, 1 transaction per wallet) we had to get creative. So, the dev team came up with a web2-based solution.

First, we set the contract to the public sale phase - the third state from the previous mint, wherein anybody can mint. We planned to rely on our contract and our website’s adherence to EIP-712 in order to ward off users from minting on-contract via platforms like Etherscan and using a wallet-signed encrypted message to access our mint function. We then set the API endpoint to target the merkle tree that contained the presale 1 snapshot list of previous CFW holders (minus the Happylist wallets).

We then combined this approach with a web2 database to help enforce our two mint-per-holder allowances during that two-hour period. It verified holder status and kept track of how many they had minted so far. Having spun up a secure DB tracking mints, and a front end lock out for minting after reaching a 2x limit, we then also set a hardcoded integer max value for the minter, of “2.” This way, we would further enforce only requests for a maximum of 2 mints per txn from the website itself.

We thought this set of hoops would be able to obfuscate access well enough to last the two hours necessary, via gating the front-end. We realized that this is an exploitable system, but believed strongly that incentive to game the system was relatively low. This is the kind of sh*t that makes web3 so secure for minting collectibles in the first place, in comparison to the circus we would have to navigate to build a comparably secure web2 application.

To quote Whitelights directly, this “bubble gum and duct tape solution” was the best option we had to mitigate problems. We truly believed that there wouldn’t be enough incentive for somebody to go out of their way to find an exploit in our system. Ironically, it’s in the moments when you really don’t think something will happen that it will happen - especially when someone has the intent to take advantage of something valuable.

Which is ultimately what happened. A person (ask us about it on Discord) that has developed a botting system for his “users,” essentially spotted a way to leverage the fact that public mint was turned on (unlimited mints). By reverse engineering the obfuscated EIP-712’s r,s,v values for a connecting wallet, they were able to mint repeatedly from our contract. By flipping the Metamask signed message for their wallet and copy-pasting it into Etherscan (or whatever they are using), they essentially went around the gated front end entirely.
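As an added illustration (not the Pillheads contract or the team's code), the Solidity example below shows the control a gated front end cannot provide: the phase and the per-wallet limit are checked inside the contract, where a direct call cannot skip them. It assumes OpenZeppelin Contracts v5; the contract name, the `MintAllowance` struct and the backend `allowanceSigner` key are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration, not the project's contract. Assumes OpenZeppelin Contracts v5.
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {EIP712} from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";

contract PhaseGatedMint is ERC721, EIP712 {
    // Hypothetical typed-data struct: the backend signs who may mint,
    // how many tokens in total, and in which phase.
    bytes32 private constant ALLOWANCE_TYPEHASH =
        keccak256("MintAllowance(address minter,uint256 maxQuantity,uint8 phase)");

    uint256 public constant MAX_SUPPLY = 6655;
    address public immutable allowanceSigner; // backend key that issues allowances
    address public immutable admin;
    uint8 public phase; // 0 = closed, 1 = holder phase, 2 = public
    uint256 public totalMinted;
    mapping(uint8 => mapping(address => uint256)) public mintedInPhase;

    constructor(address signer_) ERC721("PhaseGatedMint", "PGM") EIP712("PhaseGatedMint", "1") {
        allowanceSigner = signer_;
        admin = msg.sender;
    }

    function setPhase(uint8 newPhase) external {
        require(msg.sender == admin, "not admin");
        phase = newPhase;
    }

    function mint(uint256 quantity, uint256 maxQuantity, bytes calldata signature) external {
        require(phase != 0, "mint closed");
        // The allowance is bound to msg.sender and the current phase, so a signature
        // reused from another wallet or from an earlier phase does not verify.
        bytes32 digest = _hashTypedDataV4(
            keccak256(abi.encode(ALLOWANCE_TYPEHASH, msg.sender, maxQuantity, phase))
        );
        require(ECDSA.recover(digest, signature) == allowanceSigner, "bad allowance");

        // The per-wallet counter lives in contract storage, so the limit holds even
        // when the caller skips the website and submits the transaction directly.
        uint256 used = mintedInPhase[phase][msg.sender] + quantity;
        require(quantity > 0 && used <= maxQuantity, "over allowance");
        require(totalMinted + quantity <= MAX_SUPPLY, "sold out");
        mintedInPhase[phase][msg.sender] = used;

        for (uint256 i = 0; i < quantity; i++) _mint(msg.sender, ++totalMinted);
    }
}
```

With the counter and phase in contract state, a web2 database and front-end lockout become a convenience for users rather than the only enforcement point.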

Once we realized something was going on, we stopped mint. Some damage had already been done, and hundreds of tokens landed in botted wallets. Some of the folks utilizing the botting service turned out to be on our server all along, and the creator even showed up in person. Folks even posted about how cool this app was on Twitter later. They were quite proud of this, and we were quite flustered. I will not go through the number of creative swear words I came up with during that time, while we proceeded to regroup as a team and figured out how to proceed.

Our three options to proceed at this point were:

  1. Close mint, spend a week or two building a full on, beefy web2 application that would ultimately also be potentially exploitable, and cost us a lot of time.
  2. Deploy remaining supply through a brand new contract in the next couple of days, which would result in a second collection on the chain.
  3. Stay the course, and proceed with public mint at midnight.

As you all know now, we made a decision to go with option #3.

At this point, some weird, dark, cosmic humor kicks in for us. We had a version of the minter sitting ready for a full on public mint, in a github branch. It was tested, ready to go, and had nothing in it but the correct endpoints. Phase 1 was entirely removed, and only Phase 2 was in it. Zero gating, zero logic pointing at any other API endpoints.

At 12AM ET, July 12th I pushed the Phase 2 branch live. And as the branch deployed, built, and verified, we watched in horror as Phase 2 did not show up, and found out that the git branch had reverted and that our hosting on AWS was serving up a cached version of the minting site. Thankfully, the site did load the correct endpoint for the sale, and many individuals were able to mint at this time. By the time I had re-merged, re-pushed, and re-deployed an updated branch, the collection was sold out, and there was a vein in my forehead about to explode.

Note: the above technical breakdown of how things work and what came to pass is a collaborative effort of our dev team working together. Whitelights is our smart contract wizard, 0xDaemon is our glue between web2 & web3, and I (orbgasm) am the front end masher & dev team manager.

Token Distribution top 100 | src: Etherscan

03 // Luck & Humanity

We got a little lucky here. That luck has everything to do with our current community, and how secondary sales were handled, as well as the enthusiastic minting that ensued. No one single wallet minted enough that we got royally f***ed out of being able to have a healthy secondary market.

The bottom line is that public free mint went down, how a public free mint should go down, as soon as we opened it back up. We had healthy distribution of quantities, and folks immediately began to scoop tokens up on secondary at prices below 0.01 eth. Within hours, our floor was up from as low as 0.001 to 0.02 eth.

The humanity of the matter is simply that enough of you believed in CFW’s vision and our team, that we were able to arrive at this stage in the project. And once again, I cannot find the words to accurately express how insanely humbled we are by that. Our team is built entirely on trust and is held together with respect and integrity. We are all artists first and foremost, and the thing that brings us the most joy here, is that the entirety of CFW’s creation is now revealed and visible by the public.

To create art with the intention of sharing it with the world, and have it sit in a dark room never being seen, is a dark dream that fuels anxiety, and diminishes the human spirit that gave it life. Even if it is a creation that is not received well by the public eye, the fact that it has been perceived by others, is a form of resolution that is incomparable to any other.

I speak for the core team and our mods (and probably against CFW’s humble wishes), when I say our priority has been that CFW is treated with fairness and respect, and that his work and intentions with it, are seen by as many people as possible. The money we may or may not have made is an afterthought compared to this.

04 // What’s Next?

Loaded question! We’ve clearly had to re-adjust our timelines and methodology here, as some of our ambitious goals need significant funding to actualize. I can, however, lay out some of our immediate and short-term goals.

  1. Pushing Visibility - we are dedicated to getting our project seen, and our holder count increased. Stay tuned for social campaigns, and some larger discussions with multiple communities.
  2. Extending on the prior point above: we begin reviewing and accepting project collaboration requests again. Be sure to get on our Discord and open a ticket after July 18th.
  3. Rearranging the furniture - we will be updating/upgrading our Discord environment to a post-mint layout, and taking into account community suggestions and ideas. This will not be an overnight process, but rather a long and steady one.
  4. Community Events - More Spaces & Stages, and other community events to keep the community connected and engaged.

As always, our Community Manager (and keeper of the ultimate ASMR voice) unkfunk will be rolling out announcements to keep you all informed on all happenings. I encourage anybody reading this to tune into his ability to focus and keep things patiently on track when it comes to community affairs.

As we start getting things sorted, the Team will continue to revisit our Vision, and release information as we come to conclusions that we believe will benefit our community. Please stay tuned on both Twitter, and Discord for the most up to date information.

Thanks for being here!

-o
