According to a paper trail and word of mouth, an infeasibly large number of HADE tokens (more than the total supply) appeared for sale on IDEX on Sunday June 3rd, however, they have since been delisted so this cannot be documented. The result was a decrease in trading price and some questions.
-
No new tokens were created. According to etherscan (a site that reads directly from the Ethereum blockchain), the total supply is still 75 million HADE, so no new tokens were created through the token's smart contract
-
No suspicious transfers of HADE were made. Again checking etherscan, we see that the largest transfer on June 3rd was for 590,258 HADE. While not a small number, this accounts for less than 0.8% of the coin's total supply.
Here I will describe some of the possible causes that have been suggested to me and describe why they cannot be the cause.
A software bug, known as the batch overflow bug, was found in a few ERC20 tokens this April. It exploited a "luxury" function that allowed transfering multiple users the same amount of coins. The hack works by exploiting the way that computers store numbers and amounts to forcing an integer overflow during an unchecked multiplication. Since the batchTransfer function wasn't included in the HADE token, this bug cannot affect the HADE Platform token.
The HADE Token contains a protected, owner only function called mint(). It is the only way to increase the total supply. This function works by checking to see who sent the transaction, and, if it's anyone but the owner's multisig wallet then it will reject your call and revert any attempted transactions. If it is the owner, then a transfer is made from the zero address (i.e. 0x00000...000) to the owner and would be clearly seen on etherscan. Since the total supply didn't change, and no transfers from the zero address were made to the owner, this function could not have been called.
Related to the above, there is no reason at all to doubt the security of the owner's multisig wallet. Since the total supply didn't change, and no transfers from the zero address were made to the owner, we know mint() was never called, and thus the owner's multisig wallet was not hacked.
Months back, the Hydro project reported a bug in their transferFrom() function and deployed a new token as a result. This was a result of the so-called "race condition" on the approve() function, which is described in detail here.
The HADE Token uses the Standard ERC20 implementation from open-zeppelin, the community leader in smart contract security. The verified HADE Token code shows the updated implementaion of approve() and "SafeMath" operations in transferFrom() (to prevent integer overflow or underflow). For reference, here is the original Hydro token code and the updated code. Note the differences in approve() which must always be called before a transferFrom(). HADE Token is safe from this bug and was created with industry standard implementation from open-zeppelin.
The HADE token is safe, and no faulty transfers or token creation have been observed on the token's smart contract. If the IDEX exchange observed trading behavior that was suspicious enough to delist HADE, they should release a public audit of their findings to ensure that their trading platform works as advertised.