First of all we need to understand the difference between the CALL and DELEGATECALL EVM opcodes.
Put simply: when you call a contract with DELEGATECALL, it is as if the called function's code were embedded inside the calling contract itself, so it runs with that contract's storage and permissions.
🧵 1/8
OpenSea uses the Wyvern Protocol, which is the most fee-efficient peer-to-peer exchange protocol.
But it also has a disadvantage: once you sign a malicious message, the counterparty can execute that signed message on your behalf.
🧵 2/8
For two peers to be able to execute arbitrary code they both agree on, the protocol must support both of the following:
CALL and DELEGATECALL
🧵 3/8
⚠️ The hackers only needed ONE signature from you to steal all your approved NFTs.
This signature says:
#️⃣ "My approved OpenSea proxy contract is going to make a DELEGATECALL to the hacker contract's function transferNFTs", shown to you in unreadable form
🧵 4/8
The hackers can execute that transaction whenever they want.
And they wrote the code generically, so they can calmly pick which of your NFTs they want to steal.
🧵 5/8
After collecting signatures for 28 days, the hackers decided to execute the attack.
Their code travels through this diagram until your NFTs have been successfully stolen.
🧵 6/8
✅ Proposed solution:
A new signing-message standard in which wallets inject the domain at the end of the signature.
Older signatures that do not use the new standard would be displayed in red ❌
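As an added example (not code from the thread, OpenSea or Wyvern), here is the kind of wallet-side check that would turn the "unreadable" order above into readable red flags before you sign it. The field names follow Wyvern's Order struct as far as I recall them (assumed), the CALL/DELEGATECALL enum order and the "expirationTime == 0 means never expires" rule are assumptions, and all addresses and orders are constructed placeholders.

```python
from dataclasses import dataclass

CALL, DELEGATECALL = 0, 1   # AuthenticatedProxy.HowToCall enum order in Wyvern (assumed)
NO_EXPIRY = 0               # Wyvern treats expirationTime == 0 as "never expires" (assumed)

@dataclass
class Order:
    exchange: str          # Wyvern exchange contract the order is bound to
    maker: str             # the signer, i.e. you
    target: str            # contract your proxy will invoke when the order settles
    how_to_call: int       # CALL or DELEGATECALL
    calldata: bytes        # ABI-encoded function call; opaque to a human reading the prompt
    expiration_time: int   # unix time after which the order can no longer be settled

def assess_order(order: Order, trusted_targets: set[str], now: int,
                 max_lifetime: int = 7 * 86400) -> list[str]:
    """Return human-readable red flags for an order; an empty list means no flag raised."""
    flags = []
    if order.how_to_call == DELEGATECALL:
        flags.append("DELEGATECALL: target code runs inside your proxy and inherits "
                     "every NFT approval you gave the proxy")
    if order.target.lower() not in {t.lower() for t in trusted_targets}:
        flags.append(f"target {order.target} is not a known marketplace contract")
    if order.expiration_time == NO_EXPIRY:
        flags.append("order never expires: the taker can settle it whenever they like")
    elif order.expiration_time - now > max_lifetime:
        flags.append(f"order stays valid for more than {max_lifetime // 86400} days")
    if len(order.calldata) < 4:
        flags.append("calldata shorter than a 4-byte function selector")
    return flags

# Constructed sample data (placeholder addresses, not real deployments).
EXCHANGE = "0x" + "e1" * 20
ATOMICIZER = "0x" + "a7" * 20          # stands in for the marketplace's trusted call target
UNKNOWN_CONTRACT = "0x" + "ba" * 20    # some contract the wallet has never heard of
TRUSTED = {ATOMICIZER}
NOW = 1_645_000_000

# A normal listing: CALL into the trusted target, expires in an hour.
benign = Order(EXCHANGE, "0x" + "11" * 20, ATOMICIZER, CALL,
               b"\x12\x34\x56\x78" + b"\x00" * 64, NOW + 3600)
# The order shape the thread describes: DELEGATECALL into unknown code, never expires.
risky = Order(EXCHANGE, "0x" + "11" * 20, UNKNOWN_CONTRACT, DELEGATECALL,
              b"\xde\xad\xbe\xef", NO_EXPIRY)

if __name__ == "__main__":
    for name, o in (("benign", benign), ("risky", risky)):
        print(name, assess_order(o, TRUSTED, NOW) or ["no red flags"])
```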