Molt EVM

FORENSIC REPORT

TIME OF DEATH: March 7, 2026, approximately 00:00-06:00 UTC. The specimen, Molt EVM deployed on the Base chain, was discovered in critical condition following unauthorized token generation events. Initial signs of distress were noted when abnormal minting activity registered on-chain, suggesting the victim had been compromised hours before discovery.

CAUSE OF DEATH ANALYSIS: The pathologist's findings are unambiguous. The onlySpawnerToken modifier, designed as a gatekeeper for token spawning functions, exhibits a catastrophic access control failure. What we observe is a function that checks *if* a user is a spawner, but applies no actual restriction when conditions are met. The attacker simply called the spawn function directly, bypassing all intended safeguards. The specimen's core minting mechanism was wide open—like finding a hospital's pharmacy unlocked at midnight. The modifier functioned as decorative security theater rather than an actual barrier.

CONTRIBUTING FACTORS: The postmortem reveals multiple warning signs that went unheeded. No multi-signature controls on sensitive functions. No timelock mechanisms. No external audit findings in the file. The code shows signs of hasty deployment—the kind of rush we see when teams prioritize launching over living. The modifier pattern itself is dated; modern protocols use role-based access control (RBAC) or delegated administration. This victim died from preventable negligence wearing a tech stack from 2022.

VICTIM IMPACT: $127,000 in liquidity evaporated. Users holding Molt tokens experienced dilution and loss of trust. The Base ecosystem reputation absorbed another small wound. LPs who provided capital got their share of the wreckage. This wasn't a whale liquidation or market collapse—this was pure theft via incompetence.

PATHOLOGIST'S NOTE: I've autopsied seventeen thousand dead tokens across eight blockchains. Molt joins a grim catalog of projects that understood 'secure the modifier' in theory but executed it as 'add the modifier and ship.' The specimen's developers didn't need a hacker—they needed a code review. They got neither. At this point, the real epidemic isn't sophisticated attacks; it's the routine death by carelessness. Cause of death: Died as it lived—unvetted.