Top 5 vulnerabilities in NFT Smart Contracts worth paying attention to

image


Since the advent of NFT tokens, several problems have arisen in this area, due to which many people were concerned about the cybersecurity of smart contracts.

First of all, cybercriminals often try to exploit vulnerabilities in smart contracts to circumvent restrictions related to the sale of tokens. One of the most striking examples is the sale of Adidas NFT tokens. While the sale was going on, the attacker managed to circumvent the limit on the maximum number of tokens purchased for the wallet. As a result, the hacker managed to buy 330 NFT, permanently disrupting the successful debut collection of Adidas NFT Into the Metaverse.

The next problem concerns not only the NFTs themselves, but also the trading platforms where they can be found. One example of this is OpenSea— the world’s largest NFT market. Not so long ago, OpenSea was attacked, during which several attackers managed to buy NFT at prices significantly lower than the market value of tokens.

The third problem is not specific to NFT, but concerns the cryptocurrency industry since its inception and is related to the secure storage of private keys for accessing wallets and making payments. Hackers have identified many methods that allow you to steal private keys and gain access to cryptocurrency and user tokens. One of the most commonly used methods is phishing. As SecurityLab wrote earlier, OpenSea users became victims of phishing attacks last month. The attackers managed to trick 32 people into signing a payload allowing a free transfer of their NFT to fraudsters.

Another type of danger is known as a re-entry attack and concerns the most popular NFT OpenZeppelin standard. The implementation of the NFT standard in OpenZeppelin has a callback function. A feature designed to help developers integrate NFT into projects can also be used to conduct cyber attacks. One of the latest examples of this attack occurred on February 3 of this year, when the HypeBeast NFT contract reported the incident. The project had a limit on the number of NFTs an account could create, but the attackers used the callback function to call the mintNFT function again.

There are also a large number of examples of NFT fraud. Administrators of Cool Kittens promised investors an electronic token with the image of a cat, a specially created token called PURR and membership in the DAO. Just three weeks after the announcement, the NFT collections went on sale. The project has sold more than 2.2 thousand. NFT in a few hours. The creators of the project earned $160 thousand and then just disappeared with the money.

Start a discussion …