Possible security vulnerabilities in NFT
2022-06-22 20:16:00 【Blockchain Star Club】
Blockchain, NFTs and related technologies are favoured and trusted for their high security. However, high security does not mean absolute security: the Internet always has plenty of vulnerabilities, and hackers are watching for them.
In fact, even in the NFT space, which is known for its security, there have been many cases of asset theft. Hackers exploit vulnerabilities in NFT smart contracts to attack user accounts or platforms, and this year alone there have been several large-scale security incidents.

NFT security vulnerabilities fall into two types: vulnerabilities in the NFT itself, and business vulnerabilities that come from the platform.
NFT's own vulnerabilities
The NFT life cycle includes minting, issuance, circulation, destruction and other stages. The minting and destruction stages are largely free of problems; NFT security problems are concentrated in issuance and circulation.
Circulation mainly concerns the security of the addresses involved. Here the risks are more likely to be "phishing" and similar hazards, and contract vulnerabilities are relatively rare.

The issuance stage is one of the most vulnerable. Generally, an NFT issue is divided into a pre-sale and a formal sale. For the pre-sale, the project team grants users pre-sale eligibility through a whitelist. A common attack is for hackers to exploit vulnerabilities in the whitelist, bypass the restrictions and obtain pre-sale NFTs.
Flaws in how a platform verifies the whitelist have led to attacks on NFT projects. The APE Coin airdrop incident and the NBA Hoover incident are two typical cases of security problems caused by whitelist vulnerabilities. In the former, whitelist verification only checked the user's instantaneous state of NFT ownership, so hackers used flash loans to obtain a large number of NFTs and, after repaying the flash loan, transferred away the APE Coin they had gained. In the latter, the user's signature was not checked thoroughly enough. Normally a signature can be used only once, but a flaw in the NBA project's NFT verification made signatures reusable, so a single signature could be used to claim multiple NFTs.
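The single-use signature rule described above, as an added example that is not code from the original article or from any of the projects it names. It is a simplified Python model of a whitelist claim: the class names, the voucher fields (campaign, recipient, nonce) and the HMAC standing in for the signer's ECDSA signature are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed key standing in for the project signer's private key; a real
# contract would recover an ECDSA signer instead of recomputing an HMAC.
SIGNER_KEY = b"constructed-demo-signer-key"

def sign_voucher(campaign: str, recipient: str, nonce: int) -> bytes:
    """Issue a whitelist voucher bound to campaign, recipient and nonce."""
    msg = f"{campaign}|{recipient}|{nonce}".encode()
    return hmac.new(SIGNER_KEY, msg, hashlib.sha256).digest()

class VulnerableMint:
    """Accepts any valid signature and never records that it was used."""
    def __init__(self, campaign: str):
        self.campaign = campaign
        self.minted = []  # one entry per NFT handed out

    def valid(self, recipient: str, nonce: int, sig: bytes) -> bool:
        expected = sign_voucher(self.campaign, recipient, nonce)
        return hmac.compare_digest(expected, sig)

    def claim(self, recipient: str, nonce: int, sig: bytes) -> bool:
        if not self.valid(recipient, nonce, sig):
            return False
        self.minted.append(recipient)
        return True

class HardenedMint(VulnerableMint):
    """Same signature check, plus single-use enforcement per voucher."""
    def __init__(self, campaign: str):
        super().__init__(campaign)
        self.used = set()  # (recipient, nonce) pairs already redeemed

    def claim(self, recipient: str, nonce: int, sig: bytes) -> bool:
        if not self.valid(recipient, nonce, sig):
            return False
        if (recipient, nonce) in self.used:
            return False  # replay of an already redeemed voucher
        self.used.add((recipient, nonce))  # mark used before minting
        self.minted.append(recipient)
        return True

def replay(contract, times: int = 3) -> int:
    """Submit one constructed voucher `times` times; return NFTs minted."""
    sig = sign_voucher(contract.campaign, "0xUserA", 1)
    for _ in range(times):
        contract.claim("0xUserA", 1, sig)
    return len(contract.minted)
```

Binding the campaign and recipient into the signed message also stops a voucher issued for one sale or one address from being accepted for another.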

Platform vulnerabilities
NFT platforms are also prone to vulnerabilities, most typically in how they handle NFT protocol standards. Although all are referred to as NFTs, not every NFT follows the same standard. The classic ERC-721 and the later ERC-1155, ERC-998 and others are all common NFT protocols. In the TreasureDAO security incident, for example, the differences between ERC-721 and ERC-1155 were confused, which led to a logic error and ultimately gave hackers an opening.
In addition, some platforms use NFTs as liquidity asset tokens, loan collateral and so on. If such a platform does not fully consider checks, interactions and similar concerns during business execution, vulnerabilities can easily arise in the business process and cause security problems.
Summary
The security incidents that occur from time to time in the NFT market remind us that there is no absolutely safe "RIZ-ZOAWD". When choosing NFTs we should therefore be more cautious and not invest blindly, and we also need to keep building up relevant knowledge so that projects or platforms with potential security risks are easier to avoid.