Relay and cross-chain bugs

yungwknd.xyz · September 25, 2025, 11:14pm

Hey there seems to be an issue with crosschain minting where you are not strict about the chain the user mints on.

Let’s take a look at this address on mainnet -

https://etherscan.io/address/0x40ae3553a2dbbe463f84da97bda5607cfd03b40d

If you notice, this is the same address as ERC1155Serendipity (deployed on Shape).

But you have users who are sending their txs with the 0x33032dac (mintReserve) function signature directly to this address on mainnet when those calls should go through the relay receiver on mainnet.

Can you fix or be more strict about chain the transaction runs on? Looks like this has happened a few times over last 6 months. Probably worth checking on the other manifold contracts on each chain. Are you using create2? Is there a way to recover those lost funds by deploying ERC1155Serendipity to mainnet on the same address?

dongqtm · September 26, 2025, 12:10am

Thanks for reporting this issue Yungwknd .
We do indeed use create2 for Serendipity.
We have deployed a fix since then to what we believed might have caused the issue.
That said, we’re still actively investigating and will keep you posted with any updates!

yungwknd.xyz · September 26, 2025, 4:49am

Awesome, thanks for the quick response! What about the users who tried to mint, will they get their mints or some sort of refund?

dongqtm · October 1, 2025, 7:00pm

Hi Yungwknd,

Sorry for the late response all missing funds have been refunded.
https://etherscan.io/tx/0xb511a9f495fd50b90aeef278c56f89f39a6a60ae1ec37f2dfc596d7cbee653bb