Author: MetaEra, 237
Abnormal surge in gas fees
In the early morning of July 29, 2023, the night was as peaceful as usual. But at this time when people should be sleeping peacefully, the crypto world was filled with some unusual agitation...
According to Nansen data, in the early morning of July 29, the gas fee of the Ethereum blockchain suddenly soared, with the median reaching 360 gwei at one point, and the network conditions became extremely congested.
At the same time, a chat screenshot began to spread among WeChat groups.
At first glance, this seems to be just an ordinary chat screenshot, but one sentence from 0xSun stands out:
“To be honest, I don’t know what happened. I bought 1 ETH on the website I posted, and then I found that I could keep selling dozens of ETH, so I kept selling.”
So, what exactly happened? What is the official website that 0xSun mentioned in the conversation? What does he mean by buying 1 ETH and selling dozens of ETH? And is all this related to the crazy increase in Ethereum gas fees?
Now, let's go back to the source of all this commotion, which is the URL mentioned in the above conversation:
Pond0x: Scam or social experiment?
After clicking on the URL mentioned by 0xSun, we find that behind it is a project called Pond0x. Pond0x is a project launched by Pauly, the founder of the NFT marketplace Not Larva Labs. In terms of the nature of the project, the author tends to define it as a Memecoin.
At 12:29 am on July 29, 2023, Pauly posted a tweet that first announced the website address and token contract address of Pond0x.
“Welcome To Pond0x
http://Pond0x.com • $PNDX
Contract: 0x1d4214081985ad20aa3ca93a2206ae792635cbec”
Once this tweet was released, it instantly attracted many Memecoin players with a keen sense of smell. This has a lot to do with Pauly himself. I will cover his story in a separate section later, so I will not go into it here.
The release of Pond0x quickly caused a small wave of enthusiasm among Memecoin players. Funds from all sides began to flow into the Pond0x pool through the two channels announced on Twitter (the official website and the token contract address).
At this point in the story, it seems that Pond0x will follow the usual Memecoin path: build hype, grow the pool, keep spreading, and then early players cash out and leave while latecomers take over their positions. But this kind of bland gameplay is obviously not Pauly's style. As expected, Pond0x is not just a simple scheme.
The first person to discover the clue was a player named 0xSun, who is the protagonist in the chat screenshot above.
As a veteran Memecoin player, 0xSun opened Twitter as usual in the early morning of July 29 and browsed for potential opportunities. The latest news from Pauly, who had long been on his follow list, quickly caught his attention. Without much hesitation, 0xSun deposited 1 Ethereum into the Pond0x pool through the official website and obtained a certain number of PNDX tokens. Then, while watching the token price, he noticed something: the cost of obtaining tokens on the official website was hundreds of times lower than on Uniswap! So he began to tentatively sell his PNDX tokens on Uniswap. In the end, he was surprised to find that he had sold the tokens he obtained with 1 Ethereum for 44.5 Ethereum. After completing this confusing transaction, 0xSun quickly shared his experience in the WeChat chat group. This is how the above chat record came about.
It turns out that the official website of Pond0x is not a real Swap, but a PEPE LP Farm in the guise of a Swap. Users who perform Swaps through the website actually inject their Ethereum as liquidity into the PEPE LP Farm. Correspondingly, these users will receive a PID (representing their assigned ID) and a base number, which will determine the user's share in the pool, that is, the fixed exchange amount of PNDX tokens. This can actually be found by clicking on the "HOP INTO" of the official Swap.
At the same time, the on-chain data shown by an Ethereum block explorer confirms this: the Method column shows Mine Liquidity, not Transfer.
The token contract address provided by Pauly on Twitter is the real token trading address, where the tokens cost hundreds of times more than through the official website. From this design, we can understand that Pauly may have intended to "sacrifice" some users as liquidity from the beginning.
But then someone will ask: if all users obtain PNDX tokens through the official website, isn't this design meaningless? Good question!
After a large number of users flooded into the official website, latecomers found that they could no longer access it because of network congestion. At that point, users who were drawn by the huge profits but did not understand the underlying logic of the event seemed to have only one choice once the website became unreachable: rush the contract. And this was exactly what Pauly wanted: the "sacrifice" was arriving. When these users flooded into Uniswap and completed their swaps, they were greeted only by the endless dumping of the official website users (and their own astonishment).
Reviewing the logic behind Pauly’s operation this time, we can find that he really understands the user habits and psychology of Memecoin users.
First, Pauly spread the word on Twitter to attract initial users, and drew a distinction between the contract and the website (to see whether users could read the rules clearly before sitting down at the gambling table). Then, he distributed a large number of low-priced chips to users with a keen sense of smell, insight into the rules, and good luck (i.e. website users) to dump on the market with him. The users who subsequently poured into Uniswap could only become contributors of liquidity. From this process, we can see that Pauly has long understood a principle: "The essence of an excellent project is not to make everyone make money, but to make its core users make money." Pauly also understood very well that Memecoins spread through the community mainly by contract address rather than by website; combined with the website's traffic limit on first-hand access, this let him "excellently" complete the mission of making his core users make money.
But the story doesn’t end here.
Twitter user @YazanXBT tweeted at 12:57 am on July 29, 2023 that there seemed to be a vulnerability in the Pond0x contract code and the Pond0x in his wallet had been transferred away in an unknown way.
Afterwards, many users also said that they encountered the same problem.
Professionals have verified that there are indeed problems with Pond0x's contract code. The transfer function in the contract code below allows anyone to transfer tokens from any address.
The project team may have misunderstood how Ethereum works. The GAS opcode in the EVM does not return a non-deterministic gas cost; it returns the gas remaining at that point in execution. An attacker can therefore control the result of the calculation by controlling the gas supplied, and so easily transfer the balance out of any token-holding address.
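The point about the GAS opcode, as an added example (not the Pond0x contract and not code from the original article): a simplified Python model in which the value read from GAS is the caller's gas limit minus a fixed cost, placed beside a transfer that authorizes by owner or allowance. The gate condition, the cost constant and all names are hypothetical.

```python
# Constructed model, not the Pond0x contract. Gas accounting is simplified:
# value read from GAS = gas limit chosen by the caller - cost of code run so far.
COST_BEFORE_GAS_OPCODE = 21_400  # hypothetical fixed cost up to the GAS opcode


def gas_remaining(gas_limit: int) -> int:
    """What the contract reads from GAS: fully determined by the caller's gas limit."""
    return gas_limit - COST_BEFORE_GAS_OPCODE


class Token:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowance = {}  # (owner, spender) -> approved amount

    def _move(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

    def transfer_from_flawed(self, caller, src, dst, amount, gas_limit):
        # Flawed pattern: a gas-derived number stands in for authorization.
        # This hypothetical gate never looks at who the caller is.
        if gas_remaining(gas_limit) % 1000 != 0:
            raise PermissionError("gate closed")
        self._move(src, dst, amount)

    def transfer_from_hardened(self, caller, src, dst, amount, gas_limit):
        # Authorization uses identity and prior approval only; gas is ignored.
        if caller != src:
            approved = self.allowance.get((src, caller), 0)
            if approved < amount:
                raise PermissionError("caller is not owner and has no allowance")
            self.allowance[(src, caller)] = approved - amount
        self._move(src, dst, amount)


def stranger_can_move_funds(method_name: str, gas_limits) -> bool:
    """True if some gas limit lets an unapproved caller move the owner's tokens."""
    for gas_limit in gas_limits:
        token = Token({"owner": 100})
        try:
            getattr(token, method_name)("stranger", "owner", "stranger", 100, gas_limit)
            return True
        except PermissionError:
            continue
    return False
```

In an audit, any read of remaining gas that feeds a balance or permission decision in a token contract deserves the same scrutiny as a missing allowance check.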
As soon as news of the vulnerability got out, a large number of users began to frantically exploit it to fleece each other. Coupled with the melee in the Pond0x secondary market, the gas fee of the Ethereum blockchain at one point exceeded 400 gwei.
Pauly, who triggered all this, had already completed an arbitrage of more than 400 Ethereum and fell asleep peacefully.
“On-chain data shows that the two associated addresses realpond0xdev.eth & 0x36…40BC have profited more than 450 ETH from this event.”
Who exactly is Pauly?
Among NFT OGs, the name Pauly is familiar, if not a household name.
1. "Number One Ape Hater"
I believe most people got to know Pauly through his long-running battle with BAYC.
At that time, BAYC was caught up in a whirlpool of public opinion regarding Nazism, white supremacy, and racial discrimination against Black and Asian people because of its artwork.
“On June 21, YouTube blogger Philip Rusnack released a video accusing BAYC of using Nazi images and pursuing white supremacy in its NFT image design. He claimed that the BAYC image was based on racist cartoons that smeared black and Asian people, and compared the symbols and language used by Yuga Labs and BAYC to the Nazi Totenkopf logo. Rusnack called on his viewers to send their BAYC holdings to a black hole address for destruction.
Mark Pitcavage, a senior researcher at the Anti-Defamation League’s (ADL) Center on Extremism, sees no connection between BAYC’s logo and Totenkopf, but agrees that some of the NFTs’ features and attributes are problematic, such as the “hip-hop” feature with a gold chain and the “sushi chef headband” being stereotypes of black culture and the Japanese, respectively.
But no matter what the outcome is, this incident has sparked widespread discussion in Europe and the United States. Even celebrities who once used BAYC NFT as their social media avatars, such as NBA star Curry, have changed their avatars.
There is one person who cannot be ignored in this incident, and that is Ryder Ripps.
This person can be regarded as the number one opponent of BAYC. Starting in December 2021, Ryder Ripps began investigating BAYC and Yuga Labs, the company behind it. Through months of in-depth research, Ryder Ripps and other community members discovered extensive connections between BAYC and Internet Nazi troll culture.
BAYC's ape characters have a variety of costumes and features, most of which Ryder Ripps believes are racially oriented or refer to some type of military history.
The infamous term “Simianization” is the practice of derogatorily comparing members of a racial or ethnic minority group to apes or monkeys. This practice has been around for hundreds of years and is intended to justify violence and racism against another group by comparing them to apes.
Simianization has been applied widely to different ethnic groups, including Jews, Irish, and Asians, but it has primarily been directed at Black people. Even today, this behavior has not been eradicated, as seen in the barbaric act of throwing bananas at Black football players on the field.
Ryder Ripps believes that Yuga Labs is using BAYC to discriminate against Asian and Black people through simianization. At the same time, Ryder Ripps believes that the Yuga Labs team deliberately embedded Nazi dog whistles throughout the project with ulterior motives. He listed more than a dozen pieces of evidence to support his claims.
Pauly is a friend and supporter of Ryder. Together, they mirrored BAYC and released an NFT series dedicated to ridiculing it: RR/BAYC. What's more ironic is that this series once topped OpenSea's 24h transaction volume list. Later, Yuga Labs filed a lawsuit against the two for copyright infringement.
As for the outcome, I don’t know at the moment, but even if there is indeed a dispute over copyright, BAYC’s own problems are clear to the public, and I believe there will be an answer in the end.
2. “CryptoPhunks” and “Not Larva Labs”
Copyright issues have always been regarded as one of the core issues of NFT, and there are huge differences in the way NFT projects grant copyrights to NFT holders. The most common ones include the following:
1) Make no statement, giving NFT holders a default license with vague boundaries;
2) Grant clear limitations and permissions, usually for commercial and non-commercial uses of the work respectively;
3) Open the copyright of the work to the public domain, that is, adopt the CC0 license.
Unfortunately, most NFT projects currently adopt option 1) by default, which goes against the concept behind Web 3.0.
Among these projects, the most controversial one is the leader of the NFT space: CryptoPunks.
CryptoPunks was released on June 10, 2017, and its development team is Larva Labs. From the page snapshot at the time of its release, there is no statement about copyright on its entire website.
In 2019, Larva Labs co-founder Watkinson announced in the CryptoPunks Discord channel that they would adopt the NFT license created by Dapper Labs. The NFT license allows NFT holders to display the artwork and to use it for commercial purposes only if the annual revenue does not exceed $100,000, but the holder cannot modify the artwork or use it to market third-party products.
As expected, this move aroused strong dissatisfaction and heated discussions among holders. Opponents believed that its approach was contrary to the vision of anti-censorship and decentralization, and many holders chose to leave CryptoPunks at that time.
Therefore, at the end of 2021, a team called NotLarvaLabs released an NFT series called "CryptoPhunks" to formally challenge CryptoPunks' vague copyright claims. At the same time, Not Larva Labs also sent an open letter to Larva Labs, saying that they adopted the project's IP in the name of "true decentralization" (the images of the CryptoPhunks NFT works are almost completely copied, except that the faces of the CryptoPunks works are flipped to face the opposite direction. PS: This seems to be Pauly's usual method).
“It’s time for the NFT community to wake up. It’s time to stand up to censorship resistance and make changes that go beyond our ubiquitous Web 2.0 systems.”
Our protagonist today, Pauly, is introduced on Twitter as the founder of NotLarvaLabs.
3. yougetnothing.eth
In addition to NFTs, Pauly has also run what are clearly social experiments.
On May 30 this year, Pauly opened an ENS address named "yougetnothing.eth" to the community to accept Ethereum, and clearly stated that no returns would be provided. Even so, the address raised nearly 600 Ethereum in one day.
Many people speculated that this move was intended to satirize Ben.eth’s fundraising behavior and those who hoped to receive airdrop rewards by donating to Ben.
Although we do not know, and have no way to verify, what Pauly's real intentions were, he did question human nature through this action.
Conclusion
Back to the Pond0x incident itself: after learning that the operator behind it was Pauly, I was not surprised at all by how the incident developed. After all, Pauly is someone who does not play by the rules.
However, I find it difficult to agree with Pauly’s actions this time. Pauly also undoubtedly bears an unshirkable responsibility for the loopholes in the smart contract.
Equally, I find it difficult to agree with the behavior of ordinary investors who lose their minds, give up thinking, and rush in when they see opportunities. We all know that the crypto world is a wild place full of risks and a big gambling table that tests human nature.
Therefore, understanding the rules before sitting down at the gambling table is an essential discipline for every "gambler".
