
Smart Contract Vulnerabilities

Smart contracts are the foundation of many NFT collections. Smart contracts are simply agreements that are automatically concluded immediately after both parties fulfill their obligations. They are a tidy way to ensure that all parties stick to the agreement without the involvement of a third party. These contracts are used across many blockchain applications, including decentralized finance.

Within the context of NFTs, smart contracts are used in the minting process. These smart contract protocols store information on the ownership of NFTs immediately after they are minted. They also help to determine the transferability of NFT assets. Generally, NFT marketplaces rely heavily on smart contracts for functions such as the conclusion of NFT transactions and the prevention of counterfeiting. However, because NFT networks depend on smart contract protocols, the slightest weakness in the smart contract infrastructure can be exploited by hackers. Here are some smart contract attacks that have been conducted in the past year.

· OpenSea Phishing Attack

In February 2022, OpenSea experienced a phishing attack that exploited weaknesses in its smart contract code. The hackers redirected users to a link where they unknowingly signed smart contracts to conclude NFT sales. Due to the attack, users lost a total of 1.7 million ETH. A month before this event, hackers exploited a listing bug in the OpenSea marketplace. This led to the sale of the Bored Ape Yacht Club NFTs for less than 92 percent of their actual price.

· The OpenSea Re-Entrancy Attack

A re-entrancy attack is often technical. In essence, it exploits weaknesses in a marketplace’s smart contract so that an attacker can repeatedly withdraw the contract’s funds. It is carried out by depositing a certain sum in an original smart contract. After this, a malicious smart contract is established, and a withdrawal request is sent to the original smart contract. When this call is made, the attack exploits the original smart contract’s code so that funds keep being sent to the malicious smart contract until the contract’s funds are drained. HypeBeast recently reported a similar attack on OpenSea’s smart contract protocol.
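
The withdrawal sequence described above, modelled in Python as an added example (it is not OpenSea's code or any marketplace's contract). All class and method names and the deposit amounts are hypothetical; the only difference between the two modes is whether the depositor's credit is cleared before or after the external call.

```python
# Added illustration: a Python model of a contract ledger, not real contract code.

class Vault:
    """Models the original contract. `safe` selects the withdraw ordering."""

    def __init__(self, safe):
        self.safe = safe
        self.balances = {}  # credit recorded per depositor
        self.funds = 0      # total held by the contract

    def deposit(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount
        self.funds += amount

    def withdraw(self, account):
        amount = self.balances.get(account, 0)
        if amount == 0 or self.funds < amount:
            return
        if self.safe:
            # Checks-effects-interactions: clear the credit before paying out.
            self.balances[account] = 0
        self.funds -= amount
        account.receive(self, amount)  # external call: control leaves the vault
        if not self.safe:
            # Vulnerable ordering: credit is cleared only after the external call.
            self.balances[account] = 0


class Wallet:
    """Ordinary depositor: accepts the payment and does nothing else."""

    def __init__(self):
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount


class ReentrantReceiver(Wallet):
    """Stands in for the malicious contract: its payment hook re-enters withdraw()."""

    def receive(self, vault, amount):
        self.received += amount
        vault.withdraw(self)


def run(safe):
    # Constructed scenario: an honest wallet deposits 9, the re-entrant one deposits 1.
    vault, honest, caller = Vault(safe), Wallet(), ReentrantReceiver()
    vault.deposit(honest, 9)
    vault.deposit(caller, 1)
    vault.withdraw(caller)
    return caller.received, vault.funds
```

With the vulnerable ordering the receiver that deposited 1 ends up with all 10 units; with the credit cleared first, the nested call finds a zero balance and the other depositor's 9 units stay in the vault.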

· Adidas Token Sale

In December 2021, Adidas launched a token sale for its Metaverse NFTs. However, while the sale raked in about $23 million, hackers also exploited its smart contract code along the way. News sources reported that hackers were able to bypass the token purchase limits that Adidas placed on each wallet within the smart contract. As a result, one hacker was able to remove the limit from the smart contract and acquire as many as 330 NFTs in their Ethereum wallet.

NFT platforms can solve this problem through smart contract auditing, which is often conducted by a third-party organization. The process involves analyzing smart contract protocols to identify loopholes in the code. This helps marketplaces remove bugs that hackers can use. As a user, it is advisable to opt for NFT marketplaces that have audited their smart contract protocols.
