Letter to our investors

Hi everyone,

While BDO is digging through the ICO data, I will provide you, in a short series of letters, with more information and insight into our case and your investment.

There was a court ruling last week from a Berlin court which requires some explanation: the ruling is a so-called “injunction”, i.e. it does not represent a final decision, but a preliminary freeze. This indicates that, in the court’s view, things are complicated and the legal proceedings might take some time. For the interim period, the court decided to freeze the shareholder structure, until the matter has been sorted out.

The discussion about Envion is dominated by two contradicting narratives. The version of Michael Luckow’s team goes: two evil capitalists steal the company from innocent founders, eager to grab the money raised, tell a fake story to justify their takeover and damage the investors. From our perspective, the story is very different: The supposed “evil capitalists” are white knights, who are trying to save Envion from fraudsters who betrayed investors around the world and tried to defraud them and the company.

At the same time, we understand that many investors don’t care who is right or wrong; they just want the two parties to find a compromise and go to work. This is an understandable and pragmatic perspective. However, if the Envion case involved fraudulent transactions, a compromise only opens the gate to further wrongdoing. Therefore, an in-depth analysis of the ICO is key.

We want to share such information with you in a series of investor letters, starting today with the lockup period that was codified in the first version of the smart contract.

Smart Contract Setup

Before moving on to details, it should be noted that all token sales and ICOs in Ethereum are governed by a “smart contract” associated with a given ERC-20 compatible token. These contracts are composed of computer code written in the programming language Solidity and inherit certain basic features from the Ethereum token but can also modify and build upon (even override) those functions. The purpose of a smart contract is to reinforce, in concrete automated outcomes, a “contract” that reflects a generally understood agreement between counter-parties about what should happen under given conditions. Token payouts, vesting periods, fines, deposits, interest, etc. can all be encoded into these contracts. Once a contract is entered on the Ethereum network, it will execute its given code block-by-block until it runs out of “gas” (Ether) to pay for itself. The Ethereum network (immutable) then essentially becomes the enforcement mechanism to keep both parties honest with respect to what has been agreed upon. Therefore, an existing contract can only be abandoned but not modified – it is important to understand this.

The first version of the Envion token contract was audited by the German blockchain expert Prof. Backes and the audit published on the 27th of November on medium.com.

Article on medium.com

On page 7 the audit states that the team has a lockup of six months:

The contract provides a deliverTeamTokens function that can be used once to create 17.647 % of additional tokens for the team. Those additional tokens correspond to the 15 % pie of team tokens (10 % founder team + 5 % envion AG). The team can collect their tokens roughly 6 months (1,095,000 blocks) after the funding end block.

After the audit the smart contract was changed many times. The smart contract version Prof. Backes audited is labeled with the commit hash

aac0e79b57ce78612c966c5298dcf3240172e953

This version is publicly visible on

https://github.com/envion/Smart-Contracts/commit/aac0e79b57ce78612c966c5298dcf3240172e953

A later change that is significant for the analysis of the founder token transfers was made on 11 Dec. 2017. It is visible at

https://github.com/envion/Smart-Contracts/commit/a329586fc74f70946606b601c7fa1c8d32aedf8c

This change moved the delivery of the founder share out of the function deliverTeamTokens(). According to the commit message, the delivery of the founder share was supposed to be treated like a credit card purchase delivered by the function deliverToken(). The commit message states:

“Change functionality of vested token delivery
Instead of delivering vested tokens for the team, deliverTeamTokens() immediately delivers tokens for company and supporters. Team token delivery will be handled like a credit card purchase.”

The comments already reveal a contradiction with the Backes audit: deliverTeamTokens() no longer delivers team tokens but rather company and bounty tokens. The delivery mechanism that creates the supporter and company shares stayed in the function deliverTeamTokens(), except that these shares are no longer forced to vest (i.e. wait six months for their tokens). Supposedly the smart contract developer was made aware of the fact that, unlike the founder shares, these shares didn’t need a vesting period. Thus the vesting restriction was deleted from the function deliverTeamTokens() altogether.

The Non-Compliant transferFrom Function – Gateway to an Early Exit

The Envion smart contract has a serious bug. This bug allows a token transfer from a locked-up credit card wallet to a wallet without these restrictions. The bug can be found at function

transferFrom(address _from, address _to, uint256 _value)
…line 1529 in the smart contract.

The modifier hasEnoughUnlockedTokens(…) checks whether the initiator of the function call – msg.sender – is allowed to transfer tokens or is restricted by the credit card lock. In the function transferFrom(…), however, it is not msg.sender that should be checked but the function parameter address _from. As a result, another address, which doesn’t even need to possess EVN, is able to unlock a locked wallet simply by calling the function on behalf of the locked wallet, provided the calling address is itself unlocked.
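The check described above, as an added example that is not taken from the Envion contract: a simplified Python model of a token with a lock-up, written as a regression check that compares the lock test applied to the caller with the same test applied to _from. The check_owner flag, the address names and the assumption that addresses without a lock always pass the modifier are illustrative.

```python
class LockedTokens(Exception):
    """A transfer tried to spend tokens that are still under lock-up."""


class Token:
    """Simplified ERC-20 style ledger with a lock-up (model, not Envion's code)."""

    def __init__(self, check_owner):
        self.check_owner = check_owner  # True = corrected check, False = flawed check
        self.balance, self.locked, self.allowance = {}, {}, {}

    def _require_unlocked(self, addr, value):
        # Assumed modifier semantics: addresses without a lock always pass.
        locked = self.locked.get(addr, 0)
        if locked and self.balance.get(addr, 0) - locked < value:
            raise LockedTokens(addr)

    def mint_locked(self, to, value):
        self.balance[to] = self.balance.get(to, 0) + value
        self.locked[to] = self.locked.get(to, 0) + value

    def approve(self, sender, spender, value):
        self.allowance[(sender, spender)] = value

    def transfer(self, sender, to, value):
        self._require_unlocked(sender, value)
        self._move(sender, to, value)

    def transfer_from(self, sender, _from, to, value):
        # Flawed variant checks the caller (msg.sender); the corrected one
        # checks _from, the address whose tokens are actually spent.
        self._require_unlocked(_from if self.check_owner else sender, value)
        if self.allowance.get((_from, sender), 0) < value:
            raise PermissionError("allowance too low")
        self.allowance[(_from, sender)] -= value
        self._move(_from, to, value)

    def _move(self, src, dst, value):
        if self.balance.get(src, 0) < value:
            raise ValueError("insufficient balance")
        self.balance[src] -= value
        self.balance[dst] = self.balance.get(dst, 0) + value


def lock_holds(token):
    """Regression check: locked tokens must not move via transfer_from."""
    token.mint_locked("locked_wallet", 100)        # constructed addresses
    token.approve("locked_wallet", "helper", 100)
    try:
        token.transfer_from("helper", "locked_wallet", "free_wallet", 100)
    except LockedTokens:
        return True
    return False
```

lock_holds(Token(check_owner=True)) returns True, while the variant that checks the caller returns False even though a direct transfer() from the locked wallet is still rejected.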

The bug was publicly unknown until the BIG report was published. The founder obviously knew of its existence beforehand, because when the ICO ended, on the 15th of January, the function deliverTokens(…) was called

a) with the purchaseID FOUNDER
b) and was flagged as a credit card payment

and thus created around 12.6m EVNs for the founder wallet. The transaction can be found here:

https://etherscan.io/tx/0x8d08b0e52710394a2f2c43f767ac7d3b9c5060a5d589d8d9ef2201e3c533d19b

On 4 Feb. 2018 the founder tokens were unlocked with the aforementioned bug. The transaction can be found here:

https://etherscan.io/tx/0x88a93df77f11714b3d2ca39df0c808b09e04e2f16e4cfd2be97da046d53dc919

The tokens were transferred to the wallet:

0xeeb9a4da614f746ea9297e8386abee98d37f4e9d

…and in the following days the tokens were transferred to many other wallets, creating a confusing distribution of the founder tokens.

Deception of the investors

On this very day, 4th of February, the community manager of the so-called founders, the US-citizen Laurent Martin, confirmed a lockup period of 6 months and warned investors: “Do not spread rumors.” Screenshot Telegram:

Laurent made the community believe in a rock-solid vesting – possibly with the knowledge that this vesting had just been ended in the smart contract by abusing the bug.

Best regards
Matthias Woestmann & Forensic Team