NFT Platform OpenSea Fails to Prevent Security Issues
- A team of white-hat hackers discovered vulnerabilities in OpenSea’s smart contracts.
- OpenSea has not identified any significant flaws in the code of its software to reduce platform risks.
Every cryptocurrency transaction is about security. Bad actors are often motivated by high returns to exploit blockchain bugs, so companies offer generous bounties to anyone who discovers bugs in their code.
OpenSea has another bug
OpenSea, the largest NFT marketplace by trade volume, hasn’t learned from its mistakes and has not been actively seeking out platform bugs which could severely affect users’ investments.
Twitter user F*****GRUG, who develops and builds smart contracts for NFT and Web 3.0 as part of RUG.TECH, identified some potentially platform-ending code on OpenSea.
The discovery of bugs can be very lucrative especially with blockchain. For the discovery of critical bugs, companies will pay multimillions. Opensea, however, pays almost nothing to discover potentially fatal errors within their codebase. (Thread)https://t.co/WJV3DIQIae
— fuckingrug.eth (@FUCKINGRUG) November 7, 2021
The error, as described by the developer, indicated that the bug made it “possible to mint NFTs that appear to be created by any ETH wallet you choose,” without consent, or any approval from the wallet owner.
He further underlined that, if such a bug were to be exploited, bad actors could create fake blue-chip NFTs (think BAYC), creating a “frenzy,” and ultimately draining millions, if not hundreds of millions.
This attack, if coordinated properly could drain hundreds of millions, if not millions of dollars from overexcited collectors.
— fuckingrug.eth (@FUCKINGRUG) November 7, 2021
A typical OpenSea Response
Developers typically reward those who identify their platform's bugs with a bounty. OpenSea provided a 3 ETH bounty for this vulnerability and promised a second reward due to its critical nature. OpenSea pulled the bonus offer even though the developers helped with troubleshooting.
In a screenshot of the email, Daniel Roelker stressed that the developer’s reports “fall in line with a lot” of their fraud efforts, indicating it does not solve the “collection owners vs. creators.”
Dan sent the following, doubling up on 3 ETH after we had finished troubleshooting. While we were helping them troubleshoot, they offered a greater bounty and pulled back after the job was completed. Amazing. pic.twitter.com/ymupu6wkZL
— fuckingrug.eth (@FUCKINGRUG) November 7, 2021
To The Flipside
- OpenSea doesn’t actively seek out critical bugs within the code as other crypto-related platforms do.
- OpenSea sales total more than $10 billion over its lifetime.
What are the reasons to care?
OpenSea has faced criticism in the past for insider trading, and another bug that allowed bad actors to steal users’ crypto after creating malware-like NFTs.