NFT Contract Security Analysis: Review of Events in the First Half of 2022 and Discussion of Common Issues

In the first half of 2022, security incidents in the NFT sector occurred frequently, resulting in significant economic losses. According to statistics, there were a total of 10 major NFT security incidents in this half-year, with total losses reaching as high as $64.9 million. The main attack methods included exploiting contract vulnerabilities, private key leaks, and phishing. Notably, phishing attacks on the Discord platform were particularly rampant, with servers being attacked almost daily, causing numerous users to suffer losses due to clicking on malicious links.

Analysis of Typical Security Incidents

TreasureDAO event

On March 3rd, the TreasureDAO trading platform was attacked, and over 100 NFTs were stolen. The issue lies in the buyItem function of the TreasureMarketplaceBuyer contract. This function failed to check the token type when calculating the total price, directly multiplying the quantity by the unit price. This allowed attackers to call the buyItem function of the TreasureMarketplace contract to purchase tokens with an ERC-20 token payment amount of 0.

The root cause is the logical confusion caused by the mixed use of ERC-1155 and ERC-721 tokens. ERC-721 tokens themselves do not have a quantity concept, but the contract calculates the purchase price using quantity, and there is no logical separation in the final transfer implementation.

APE Coin airdrop event

On March 17, hackers obtained over 60,000 APE Coins through a flash loan airdrop. The problem lies in the AirdropGrapesToken airdrop contract. The contract uses alpha.balanceOf() and beta.balanceOf() to determine the caller's ownership of BAYC/MAYC NFTs, but this method only captures the instantaneous state of the user's NFT ownership, which can be manipulated through flash loans. The attackers exploited this vulnerability by borrowing BAYC NFTs via flash loans to claim the corresponding airdrop.

Revest Finance incident

On March 27, the Revest Finance project was attacked, resulting in a loss of approximately $120,000. This is a typical ERC-1155 reentrancy attack. The issue lies in the Revest contract. When users use depositAdditionalToFNFT() to add FNFT collateral assets, the contract needs to destroy the old FNFT first, and then mint a new FNFT. However, during the minting process, the min() function did not check whether the FNFT to be minted already existed, and the fnftId state variable increments after the _mint() function. Additionally, there is a hidden external call to ERC-1155's _doSafeTransferAcceptanceCheck() in the _min(), which creates a reentrancy vulnerability.

NBA wool pulling incident

On April 21, the NBA project encountered an attack. The issue lies in the signature verification mechanism of the The_Association_Sales contract. There are mainly two security vulnerabilities: signature spoofing and signature reuse. Signature reuse occurs because the contract does not store used signatures, allowing attackers to reuse the same signature multiple times. Signature spoofing happens because the vData memory parameter info is not validated for msg.sender during parameter passing, allowing the signature to be spoofed.

Akutar incident

On April 23, the AkuAuction contract of the NFT project Akutar was locked with 11,539 ETH (approximately 34 million USD) due to vulnerabilities. The contract has two logical flaws:

1. The refund function processRefunds uses the call function to process refunds and takes the refund result as a require condition. An attacker can maliciously revert in the fallback, causing the entire contract's refund operation to fail.
2. The two conditional checks in the refund function do not consider the situation where users can bid on multiple NFTs, resulting in the project party being unable to execute refund operations subsequently.

XCarnival event

On June 24, the NFT lending protocol XCarnival was attacked, with hackers profiting 3,087 Ethereum (approximately $3.8 million). The issue was with the pledgeAndBorrow function of the XNFT contract. This function did not check whether the xToken address provided by the attacker was in the project's whitelist when staking the NFT, and it did not verify the status of the collateral records during lending, allowing the attacker to repeatedly use invalid collateral records for borrowing.

Common Questions about NFT Contract Audits

1. Signature spoofing and reuse:

   • The signature data lacks duplicate execution validation, such as missing user nonce, resulting in reusable signature data minting NFTs.
   • Signature check is unreasonable, as it does not check for the case where the signer is a zero address, allowing any user to mint by passing the check.

2. Logical Vulnerability:

   • The contract administrator can mint coins in a special way without being subject to total supply limits, resulting in the actual amount of NFTs exceeding expectations.
   • During the NFT auction, the winner can manipulate the bidding price using transaction-order dependence attacks to acquire the NFT at a lower price.

3. ERC721/ERC1155 Reentrancy Attack:

   • Using the transfer notification function (onERC721Received function), the NFT contract sending a call to the transfer target contract may lead to a reentrancy attack.

4. The scope of authorization is too broad:

   • Pledge or auction requires _operatorApprovals authorization, rather than individual token authorization, increasing the risk of NFT theft.

5. Price Manipulation:

   • The price of NFT depends on the token holdings of a certain contract. Attackers can use flash loans to inflate the token price, leading to the abnormal liquidation of staked NFTs.

Given the frequent security incidents related to NFT contracts, and the vulnerabilities discovered during the auditing process often aligning with actual attacks, it is particularly important to seek professional security companies to conduct a comprehensive audit of NFT contracts.