Hi all, addressing latest events, as we expected and announced drain function lead to some arbitrage and front running experiments and rocket science. Here are two examples of mass drain and value extortion:
https://etherscan.io/tx/0x9bbf9bc9970bd5870c78805e7d24d8d50b07c8f8c4a8450557c485622d92b19b
https://etherscan.io/tx/0x417cd179cb3d28d6548e6853ab92998bc352b44f45bf5fddb300bcbedbb87828/
In the first one arbitrager paid 0.4 ETH as a fee, burnt ~1200 DRC, sold ~3.2 ETH worth of tokens, and received additional 1.3 ETH. Overall he gained ~0.9ETH as a profit(1.3 - 0.4), brought ~1.9 ETH value in DRC/ETH pool, and burnt 1200 DRC.
In the second one arbitrager paid 0.4 ETH as a fee, burnt 867 DRC, sold ~4 ETH worth of tokens and received additional 1.6 ETH. Overall he gained 1.2 ETH as a profit (1.6 - 0.4), brought 2.4 worth of ETH in DRC/ETH pool and burnt 867 DRC tokens.

So, a significant amount of DRC burnt and a huge portion of ETH remained in DRC economy. Arbitrager received only 30-40% of total ETH.
Here I want to explain why it isn't that damaging as you can think.
Let's imagine the most radical case - Even in case of a flash loan attack, Dracula Protocol is protected. To make a full cycle attacker needs to swap ETH -> DRC and DRC->ETH with a pretty massive amount of money. He will need to pay a 0.3% fee. As a result, it's rational only if the amount of possibly drainable tokens is more prominent than 0.3% of attacker amount X.
Secondary protection is Uniswap math in general. Cutting the story short, if the attackers' amount is close to the same amount of ETH in the DRC/ETH pool; as a result of attack, he will secure only
R - (R / (4+ (R/E))) worth of tokens. Where R is the Dracula Protocol reward and E is existing pool reserve in ETH.
In case of reward being small enough ~1-2%, it will be ~0.75 of the total reward. And at least 25% of funds will be added to pool in addition to 0.3% fee.

So, in other words DRC/ETH pool is protected by math and fees. Arbitrage is reasonable only the moment when it's bigger than 0.3% of attacker funds.
And, finally if this is a problem later, we have a way to make it admin/smart contract function.

We invite this developer that has created this contract to contact us, as we are interested in bringing experienced solidity developers into the team.
We encourage everyone to get into arbitrage and front running race, as the more participators - fewer losses for the ecosystem. And it's more fun.

Lord Dio in Deleted

Hi all, addressing latest events, as we expected and announced drain function lead to some arbitrage and front running experiments and rocket science. Here are two examples of mass drain and value extortion:
https://etherscan.io/tx/0x9bbf9bc9970bd5870c78805e7d24d8d50b07c8f8c4a8450557c485622d92b19b
https://etherscan.io/tx/0x417cd179cb3d28d6548e6853ab92998bc352b44f45bf5fddb300bcbedbb87828/
In the first one arbitrager paid 0.4 ETH as a fee, burnt ~1200 DRC, sold ~3.2 ETH worth of tokens, and received additional 1.3 ETH. Overall he gained ~0.9ETH as a profit(1.3 - 0.4), brought ~1.9 ETH value in DRC/ETH pool, and burnt 1200 DRC.
In the second one arbitrager paid 0.4 ETH as a fee, burnt 867 DRC, sold ~4 ETH worth of tokens and received additional 1.6 ETH. Overall he gained 1.2 ETH as a profit (1.6 - 0.4), brought 2.4 worth of ETH in DRC/ETH pool and burnt 867 DRC tokens.

So, a significant amount of DRC burnt and a huge portion of ETH remained in DRC economy. Arbitrager received only 30-40% of total ETH.
Here I want to explain why it isn't that damaging as you can think.
Let's imagine the most radical case - Even in case of a flash loan attack, Dracula Protocol is protected. To make a full cycle attacker needs to swap ETH -> DRC and DRC->ETH with a pretty massive amount of money. He will need to pay a 0.3% fee. As a result, it's rational only if the amount of possibly drainable tokens is more prominent than 0.3% of attacker amount X.
Secondary protection is Uniswap math in general. Cutting the story short, if the attackers' amount is close to the same amount of ETH in the DRC/ETH pool; as a result of attack, he will secure only
R - (R / (4+ (R/E))) worth of tokens. Where R is the Dracula Protocol reward and E is existing pool reserve in ETH.
In case of reward being small enough ~1-2%, it will be ~0.75 of the total reward. And at least 25% of funds will be added to pool in addition to 0.3% fee.

So, in other words DRC/ETH pool is protected by math and fees. Arbitrage is reasonable only the moment when it's bigger than 0.3% of attacker funds.
And, finally if this is a problem later, we have a way to make it admin/smart contract function.

We invite this developer that has created this contract to contact us, as we are interested in bringing experienced solidity developers into the team.
We encourage everyone to get into arbitrage and front running race, as the more participators - fewer losses for the ecosystem. And it's more fun.

Ethereum (ETH) Blockchain Explorer

Ethereum Transaction Hash (Txhash) Details | Etherscan

Ethereum (ETH) detailed transaction info for txhash 0x9bbf9bc9970bd5870c78805e7d24d8d50b07c8f8c4a8450557c485622d92b19b. The transaction status, block confirmation, gas fee, Ether (ETH), and token transfer are shown.

hottg.com/DraculaProtocol/6506

edited  Oct 9, 2020 at 12:38