This is a question related to the Metaplex candy machine.
I noticed that bots are able to mint bypassing the whitelist tokens.
This is a whitelist config I had:
{
"price": 1,
"number": 777,
"gatekeeper": null,
"solTreasuryAccount": "REDACTED",
"splTokenAccount": null,
"splToken": null,
"goLiveDate": "29 June 2022 00:00:00 GMT",
"endSettings": null,
"whitelistMintSettings": {
"mode" : { "neverBurn": true },
"mint" : "REDACTED",
"presale" : true,
"discountPrice" : 0.01
},
"hiddenSettings": null,
"storage": "arweave",
"ipfsInfuraProjectId": null,
"ipfsInfuraSecret": null,
"nftStorageKey": null,
"awsS3Bucket": null,
"noRetainAuthority": false,
"noMutable": false
}
How is this possible?
You set ur presale to true and goLiveDate is on the past. When you set presale: true means that whitelistSettings will be aplied before goLiveDate but when goLiveDate happens your mint will not be a presale and will be a public mint.
You can set presale: false so ur mint will be a whitelistMint (will be using goLiveDate as mint start date) or you can set goLiveDate to a date in the future and keep using presale: true, so ur mint will be a whitelist presale mint till the goLiveDate is met.
Make sure to run update_candy_machine after changing and saving ur config file.
Also take a read to the whitelist settings examples on the official docs so you can have more info about this.