Matter Labs, developer of Ethereum layer 2 network zkSync, denied claims of “insider minting” on June 26, claiming that all minters of the Libertas Omnibus non-fungible tokens (NFTs) were eligible to do so according to official criteria. 

The statement follows a June 17 X post by blockchain researcher soEasy that accused the team of handing out Libertas Omnibus NFTs to friends of the team who were not eligible to receive them. SoEasy also claimed that these “insider mints” allowed the insiders to mint ZK tokens without fulfilling the airdrop criterion.

In a June 26 statement to Cointelegraph, a Matter Labs representative claimed that “there were no invalid mints.”

Specifically, there were “several ways in which users could mint the Libertas Omnibus NFT.” While one set of eligible users was made up of those who those who interacted with the top 100 zkSync NFTs, another set was made up of “event attendees that visited our booth or table [and] were able to scan a single-use QR code to be able to mint the NFT.”

Libertas Omnibus. Source: Element NFT Marketplace

Matter Labs also denied that holding Libertas Omnibus could by itself make a user eligible to receive the ZK airdrop. “Allocations were determined via a combination of eligibility criteria, amount of funds bridged and held on ZKsync Era, and bonus multipliers,” the representative stated. “Holding these NFTs alone did not qualify anyone for the ZK airdrop.”

Employees of the development team were also not eligible for the airdrop, the representative claimed.

The Libertas Omnibus open mint

Matter Labs launched the Libertas Omnibus NFT mint as a “test” in July, 2023, according to an X post in August. In the post, the team announced that it would provide an “Open Mint” going forward. Eligible users would “include those who interacted with at least one of the top 100+ zkSync NFT collections between mainnet launch and July 12.”

Source: zkSync.

The open mint ended in January, according to the team’s June 26 statement.

On June 17, zkSync launched an airdrop for its ZK token. According to the airdrop's official documents, three factors determined whether an address was eligible for the airdrop: its number of “eligibility points,” Time-weighted Average Balance (TWAB), and multiplier.

Related: 41% of top ZK airdrop wallets have already sold everything — Nansen

Each address was given one eligibility point for holding a Libertas Omnibus NFT. Other points could be obtained through liquidity providing, token trading and other activities. A total of seven eligibility points could be obtained if an address fulfilled all criteria.

Researcher claims to have discovered “insider minting”

On June 17, blockchain researcher soEasy posted to Github and shared the post to X, claiming to have discovered widespread corruption carried out in the zkSync airdrop. According to them, numerous wallet addresses were allowed to mint the Libertas Omnibus NFT without fulfilling the stated criterion. They stated:

“This group of front-running involves official members using contract privileges to mint NFTs to their own addresses [...] These addresses do not meet the officially announced criteria: Addresses should have interacted with at least 150 ZKSYNC NFT collections before July 12. However, these addresses did not conduct any NFT transactions before July 12 and directly minted NFTs instead.”

According to soEasy, the “insider” addresses can be divided into two groups, labeled “A” and “B.” Group A “utilized contract privileges to add themselves to a whitelist [and] were directly added to the contract and proceeded to mint NFTs without meeting the minting criteria.” Group B, on the other hand, used the functions “batchMint” and “safeMint” to “mint a large number of NFTs to various addresses it controls.”

soEasy further subdivided Group B into “B1” addresses that received mints through safeMint and “B2” ones that received them through batchMint.

65 of Group B1 addresses subsequently sold the NFTs at a profit, while 22 of them received ZK tokens from the airdrop. A total of 412,738 ZK tokens were distributed to the B1 addresses, the researcher claimed.

Group B2 contained 9,871 addresses. Of these, 4,685 addresses received the ZK airdrop, and a total of 43 million ZK tokens were distributed to these addresses.

Group B2 alleged ‘insider mint’ addresses and airdrop values. Source: soEasy.

soEasy concluded that the zkSync team has used the Libertas Omnibus mint to funnel ZK tokens into its own hands, allowing it to bypass the vesting periods associated with their officially acquired tokens. “This is a significant case of internal abuse for acquiring tokens,” they stated, “allowing the team to profit early without waiting for the unlock period.”

The zkSync team denied these claims, stating that all of the addresses acquired their Libertas Omnibus tokens either by interacting with the top 100+ NFT collections or by attending live events and scanning a QR code.

Libertas Omnibus mint transactions

Cointelegraph investigated a transaction from each group to determine how these users were minting NFTs.

In the transaction from Group A, the user called the “qrFreeMint” function on the Open Mint contract, which resulted in an NFT being minted and sent to the address.

This function required the user’s address to be part of a “whitelistSigners” list. If the user was not on this list, it failed with the error “OpenMintzK: Invalid Signer.”

zkSync Open Mint qrFreeMint function. Source: zkSync explorer

A separate function, called “setSigner,” allowed admins to add users to this whitelist. Specifically, it allowed users with the DEFAULT_ADMIN_ROLE to perform this action.

zkSync Open Mint setSigner function. Source: zkSync explorer.

In the Group B1 transaction, the user called “safeMint” and entered a recipient address. This function could only be called by a user with the MINTER_ROLE.

zkSync Open Mint safeMint function. Source: zkSync explorer.

In the group B2 transaction, the user called “batchMint” and entered 10 addresses separated by commas. All 10 addresses received the NFT. This function could only be called by a user that had the DEFAULT_ADMIN_ROLE.

zkSync Open Mint batchMint function. Source: zkSync explorer.

These transactions show that the admins used centralized functions to mint NFTs to specific addresses or to add users to a whitelist and allow them to mint.

However, blockchain data does not show for what purpose these functions were called. While soEasy claims that they were used to distribute NFTs to insiders, the zkSync team claims that they were used to distribute NFTs to attendees at live events.

Libertas Omnibus and airdrop eligibility

In its statement, Matter Labs claimed that holding the Libertas Omnibus NFT was not enough by itself to allow a user to claim ZK tokens in the airdrop:

“It’s important to note that being a Libertas Omnibus NFT holder was one of the eligibility criteria and would have gotten them a point, but this alone did not qualify them for an allocation [...] Allocations were determined via a combination of eligibility criteria, amount of funds bridged and held on ZKsync Era, and bonus multipliers.”

After Matter Labs issued its statement claiming that the mints were received by event attendees, Cointelegraph contacted soEasy for comment, but it did not receive a response by the time of publication.

The Libertas Omnibus mint is not the only controversy surrounding the ZK sync airdrop. On June 12, some critics claimed that the airdrop had “almost no Sybil filtering” and was excessively farmed by bots. However, the zkSync team defended its light touch on Sybil filtering, claiming that using too strict of a filter would have caused some legitimate users to not receive their airdrops.

Magazine: Crypto-Sec: Phishing scammer goes after Hedera users, address poisoner gets $70K