Published on

Make your candy machine "snipe bot proof"

  • Name

Make your candy machine "snipe bot proof"

Am I the only one right now hearing rumours that the candy machine has failed? Bullshit!

Sniping was not an issue for months, even though many people might have been aware that it is possible. But... Now that we know that someone is abusing it we cannot just proceed with it as it is. I think that's right and everyone who plans a mint should consider other solutions.

Which ones? Let me tell you! (later :harold:)

Why are we having issues?

Easy: The order in which the mint is done is stored on the Solana blockchain. Everyone who is tech-savy (or at least knows the right tools) is able to see which NFT will be the next, and they might even able to calculate rarity etc. beforehand. Homie Stark has explained it more extensive on twitter.

Why? This is some kind of a trade off. We all want to have a decentralized solution, so we need to store everything visible for everyone and not in the hands of a single person (the devs).

If you are really interested in how it works you might either find solutions to exploit it on github to analyze it or find your answers on the metaplex discord.

1 - Wait it out

  • If you are not at all interested in Solana and making the whole crypto world a bit better and just are interested in selling your art on Solana:
  • For everyone who is struggling with setting up the current candy machine version
  • For everyone who just want to do a cash grab project (IS IT YOU? STOP READING NOW. GO AWAY!)

... this might be the best solution. Metaplex is working on candy machine v2 and I am sure that they will nail it again.

But read the next part and think about if the current solution makes sense for you or not.

2 - Mint now! But do it right.

Nuff said.

What do you need to do? Easy!

  1. Do not create your candy machine as usual. Do it like this instead:
  2. Run the upload command with a folder that only contains one file pair (png+json) and -n <number of real nfts> like this:
    ts-node ~/metaplex-foundation/metaplex/js/packages/cli/src/candy-machine-cli.ts upload <single asset directory> -n <total number of NFTs> --keypair <Solana keypair file> --env <Solana cluster env name>

(command shamelessly stolen from 0xEnricos arweave nft uploader)

This will upload only one file but reserve enough space in the config for all your files.

  1. Upload all your files independently from your candy machine. E.g. by
  • creating a second candy machine with all files (easiest)
  • using 0xEnricos arweave nft uploader
  • using another arweave uploader
  • uploading your files to another web3 filehost
  • ...
  1. modify your cache file. It should look like this currently:
  "program": { "uuid": "HMqstn", "config": "HMqstnNejD1ota4prfKn9SGN6jrNp5BQPczQ2dj45wRu" },
  "items": {
    "0": {
      "link": "",
      "name": "Slime #1401",
      "onChain": false
  "env": "devnet",
  "cacheName": "gumdrop",
  "authority": "JAVGVpREYzCA6b1WgQFsdDw4zNdZjCUruE4monFpkWx1"

the only thing that you need to do is delete the content of "link" and multiply the line in items{} with the numbers of items you want to have at the end. E.g. for 5 NFTs:

  "program": { "uuid": "HMqstn", "config": "HMqstnNejD1ota4prfKn9SGN6jrNp5BQPczQ2dj45wRu" },
  "items": {
    "0": { "link": "", "onChain": true },
    "1": { "link": "", "onChain": false },
    "2": { "link": "", "onChain": false },
    "3": { "link": "", "onChain": false },
    "4": { "link": "", "onChain": false }
  "env": "devnet",
  "cacheName": "temp",
  "authority": "JAVGVpREYzCA6b1WgQFsdDw4zNdZjCUruE4monFpkWx1"
  1. Run upload again to rebuild your index but refer to a folder with all your assets now. (or at least a folder with the same file count)
    ts-node ~/metaplex-foundation/metaplex/js/packages/cli/src/candy-machine-cli.ts upload <full assets directory> -n <total number of NFTs> --keypair <Solana keypair file> --env <Solana cluster env name>
  1. you have a perfectly good candy machine now. Run verify to be sure and then as always create_candy_machine. Just do your drop. But keep be aware that all your minters will now have an empty NFT.

  2. First people have an NFT and might even feel scammed. Now what? Easy! We need to update the metadata to give every minter what they deserve. There are different solutions to do it let me show you two of them:

    7.1 Metaboss The fastest solution. Depending on what you uploaded you might need to update data + URI or just URI.

    7.2 update_existing_nfts_from_latest_cache_file. This is a candy machine CLI command. You just need to update the cache file with the correct links and let it run. (even possible as a deamon to update all NFTs as soon as they are minted)

    ts-node ~/metaplex-foundation/metaplex/js/packages/cli/src/candy-machine-cli.ts update_existing_nfts_from_latest_cache_file --keypair <Solana keypair file> --env <Solana cluster env name> --new-cache <path to new cache file> --daemon

    7.3 thuglabs metadata uploader The oldest solution for mass updating that I know. But it works!

Pro tip: do not empty "link":"" in step 4 but instead upload one a placeholder image in step 2 and use this. Your users and discord managers will thank you!

And that's it! The bot's can still mint faster than everyone else. But they will not be able to determine which ones they are the scarcest.