NFT Security Issues скачать в хорошем качестве

NFT Security Issues

Full Course Playlist:    • Blockchain & Cryptocurrency Technologies (...   #ethereum #ProofOfStake #SmartContract NFT Issues 1. User Authentication 1.1. Identity verification 1.2. 2-Factor authentication 2. Token Minting 2.1. Verifiability of token contracts 2.2. Tampering with token metadata 3. Token Listing 3.1. Principle of least privilege 3.2. Invalid caching 3.3. Seller and collection verification 4. Token Trading 4.1. Lack of transparency 4.2. Fairness in bidding 4.3. Royalty distribution and marketplace fee evasion 1. User Authentication 1.1. Identity verication: Major cryptocurrency exchanges enforce KYC (Know-Your-Customer) rules AML/CFT (Anti-Money Laundering/Combating the Financing of Terrorism) measures However, NFT Marketplaces (NFTMs) currently do not enforce them 1.2. 2-Factor authentication: Many NFTMs do not support 2FA and when it is supported, generally it is not enabled by default 2. Token Minting 2.1. Verifiability of token contracts A token contract is considered verifiable if its source code is submitted to Etherscan Since token contracts are complex, source code is much easier to audit than bytecode Verifiability of external token contracts is crucial as they can be malicious or buggy Malicious token contracts may not transfer the NFT after purchase Buggy token contracts can burn gas without doing any real work Around 28% of the token contracts are closed-source Between June and December 2021, OpenSea took down 1765 closed-source tokens which account for $328.8M None of the NFTMs that support external token contracts mandates such contracts to be open-source 2.2. Tampering with token metadata The metadata of a token holds the pointer to the corresponding asset Hence, if the metadata changes, the token loses its significance The ERC-721 standard for NFTs actually allows for the possibility to change a token's metadata Changing the metadata violates the expectation of the buyer 1. Creator/owner can change the metadata url 2. Creator/owner can change the metadata itself 3. Even if changing metadata is disallowed at the contract level, creator/owner can change it if it is hosted on web domains Researchers observed that more than 100,000 out of 3 million metadata urls were changed in 6 months 3. Token Listing 3.1. Principle of least privilege: Many NFTMs use a single escrow account during listing. 100,000s of NFTs can be stolen if the private key of an escrow account leaks 3.2. Invalid caching: 4 out of 12 million NFTs on OpenSea are actually inaccessible, but 68% of these images are still cached, creating the illusion that the asset linked to the NFT is still alive 3.3. Seller and collection verification: Buyers have to verify the seller or the collection themselves 4. Token Trading 4.1. Lack of transparency: Some NFTMs store sale records and transactions o-chain, making it impossible to verify any trades or the ownership history of an NFT 4.2. Fairness in bidding: Some NFTMs record bidding off-chain which can be abused by the NFTM or the users 4.3. Royalty distribution and marketplace fee evasion: Neither royalty nor marketplace fees are enforced in ERC-721 token contracts and both can be avoided by a malicious seller. Moreover, OpenSea and Rarible allow the creator to modify royalty after the sale 4.4. Around 9% of OpenSea royalty fees were modified after the first sale