The Hard Cap Issue
Today, Telcoin refunded a large amount of contributions to our token sale, and this blog post aims to explain why.
First and foremost, I would like to stress that no funds have been lost or stolen because of this issue, and that the single consequence is that we are refunding more than we were intending to after crossing the hard cap. Telcoin still has the full ability to execute and deliver the cryptocurrency distributed by your mobile operator and accepted everywhere. The problem is that a software error had us refund some contributors that supported Telcoin long before we reached the hard cap, which goes against the fairness we stand for as a company.
We are giving these contributors an opportunity to resubmit their contributions.
This blog post provides a high-level overview of the issue, and our very own Tech Lead, Simo, has written a more detailed explanation for technical-minded folks that will be shared following this post.
Every token sale having caps in USD has to deal with the potential volatility of the currencies accepted in the sale. To work around this problem, we opted for flexible caps that had absolute minimums to guarantee fairness. A logic error in the hard cap flexibility code made it such that we could not actually go beyond the “minimum” hard cap. We will refer to this as the “Hard Cap Issue.”
Some concerned readers here might wonder how we could end up in the situation of having to refund thousands of contributors if that was the case, and the answer is quite simple: Fast Track KYC.
In order to simplify contributions, we added an intermediate smart contract between our contributors and the original ICO contract. The workflow was the following: instead of applying for KYC and receiving the authorization to contribute after getting whitelisted in our contract (which was the original flow of our sale), our contributors were given the option to contribute while they were still going through KYC. If their KYC check was denied, their funds would be returned, but if their KYC check was approved, their funds would be in and their seat would be guaranteed. The community was generally satisfied by this workflow, and it helped us increase the pace of contributions.
When the token sale ended, we processed the last KYC batches, basic refunds for user errors, and bonus calculations for special cases - which took a few days (because Simo and I had pre-planned meetings in India) as we wanted to make sure everything was airtight. Once this was done, we started moving the funds to the original ICO contract and encountered a problem at around 70 percent of the process - no more ETH could get in.
A quick investigation led us to realize what happened, so we immediately established a plan for refunding everyone whose funds could not be transferred and giving them the opportunity to send their contributions once again - to a different contract - that would allow them to secure their seat.
Everyone affected who contributed before the real hard cap happened has the ability to contribute until Wednesday, January 10th, 20:00 UTC.
- Has anything been lost through the Hard Cap Issue? No ETH has been lost through the Hard Cap Issue.
- Really? Why is this an issue then? This could indeed be considered a minor issue, but some contributors who should have been accepted in the token sale have been rejected because of a bug - this is unfair.
- If you still have the ETH, why do you have to refund contributors? For security reasons the Fast Track KYC contract can only do two things: refund the contributor or send the ETH to the original ICO contract. Since the ICO contract cannot accept new ETH contributions, we have to issue refunds.
- How and when will I get refunded? You do not have to do anything. If your contribution was affected, it has already been refunded and you can now re-contribute to the token sale if you want to.
- Did all of the affected contributions come after reaching a certain point in the sale? No, some affected contributions came in very early, some came later. Time was not taken into consideration for anyone who contributed before the real hard cap was reached.
- How do I know if my contribution is affected by the Hard Cap Issue? If you contributed to our token sale before the hard cap and your funds have been returned to you, your contribution has been affected, and you now have the option to contribute again.
- When will my Telcoin be distributed? All Telcoin coming from the token sale will be available for distribution on Thursday, January 11th, 13:00 UTC.
- My contribution has been affected and I still want to contribute, how much time do I have? Until Wednesday, January 10th, 20:00 UTC.
- Thank you, but I want to know more about the technical details of this issue. Please read Simo’s blog post, which will follow this post.
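A minimal model of the settlement flow described above, added here as an illustration and not Telcoin's contract code: an escrow that can only forward or refund, feeding a sale that stops accepting funds at the cap it actually enforces. The class names, amounts and settlement order are assumptions; `shortfall()` is a pre-settlement check that flags approved deposits the sale has no room for.

```python
from dataclasses import dataclass, field

@dataclass
class Sale:
    """Stand-in for the original ICO contract: rejects anything past its enforced cap."""
    effective_cap: int            # the cap the code actually enforces (assumed fixed here)
    raised: int = 0

    def accept(self, amount: int) -> bool:
        if self.raised + amount > self.effective_cap:
            return False          # "no more ETH could get in"
        self.raised += amount
        return True

@dataclass
class Escrow:
    """Stand-in for the Fast Track KYC contract: funds leave only by forward or refund."""
    sale: Sale
    deposits: list = field(default_factory=list)   # (contributor, amount, kyc_approved)

    def deposit(self, who: str, amount: int, kyc_approved: bool) -> None:
        self.deposits.append((who, amount, kyc_approved))

    def shortfall(self) -> int:
        """Approved escrowed funds that exceed the sale's remaining room."""
        approved = sum(a for _, a, ok in self.deposits if ok)
        return max(0, approved - (self.sale.effective_cap - self.sale.raised))

    def settle(self, order):
        """Process deposits in `order`; returns {contributor: 'forwarded' | 'refunded'}."""
        by_name = {w: (a, ok) for w, a, ok in self.deposits}
        outcome = {}
        for who in order:
            amount, ok = by_name[who]
            # KYC-denied deposits are refunded; approved ones are refunded if the sale rejects them.
            outcome[who] = "forwarded" if ok and self.sale.accept(amount) else "refunded"
        self.deposits.clear()
        return outcome

def demo():
    sale = Sale(effective_cap=100, raised=40)       # constructed numbers, arbitrary units
    esc = Escrow(sale)
    for who, amt, ok in [("early", 30, True), ("mid", 25, True),
                         ("late", 20, True), ("denied", 10, False)]:
        esc.deposit(who, amt, ok)
    gap = esc.shortfall()                           # checked before any funds move
    # Assumed settlement order: batch order, not contribution order.
    result = esc.settle(order=["late", "mid", "denied", "early"])
    return gap, result, sale.raised
```

In this constructed run the check reports a shortfall before settlement starts, and the earliest approved contributor is the one refunded because the sale fills up before that deposit is processed.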
While explaining how things happened is helpful, the reality is that we need to take steps to ensure this type of problem doesn’t happen again at Telcoin.
As this is not a security issue and no funds have been lost, it would not necessarily have been caught via a security audit, but some rigorous engineering practices could have helped. Therefore, moving forward, we will have clearer specs, stronger code reviews, better testing & QA, and independent audits. We have already identified a few companies for auditing, but are open to suggestions from the community. We’re committed to spending a sizable amount of funding toward improving the reliability of our software, and as normal as it sounds, we will follow the best engineering practices around.
In addition to being the CEO of this company, I am an experienced software engineer and have no excuse for letting this happen, but I must take it as a learning experience. It’s a reminder that as humans, we can make mistakes, correct them, and move on. Our team is experienced, knows about best engineering practices, and will religiously stick to them.
Once again, I sincerely apologize on behalf of the Telcoin team, and will be available to answer questions on Telegram at http://t.me/telcoincommunity.
As always, please remain alert and make sure that you do not act on any email not legitimately coming from us, and never send funds to an address that was not communicated via a file hosted on the https://www.telco.in domain name. If there’s any doubt, please reach out to me (@klodio), Alix (@jazzynator), or Yace (@yacerukawa) on Telegram.