BlockSec Academy | How to Use Digital Signature and Use It Right in #NFT?
Digital signature has been widely used in #smartcontracts , e.g., in allowlist mint and order-book NFT marketplaces. However, the misuse of the developers also introduces risks in the NFT marketplaces.
2/#Whitelist Mint
A digital signature is used to distinguish the WL mint and public mint. Below is an example of the implementation of WL mint.
This code snippet is from the Association NFT (Which has a vulnerability — do not copy this code).
2.1/Whitelist Mint
The function mint_approved() intends to implement the allowlist mint: the project owner signs a mint message (info variable) and sends the message to the permitted minter (who can mint NFTs). Then the minter can invoke approved_mint with the signed variable.
2.2/Whitelist Mint
The contract will verify whether the message is signed by the project (signer == recovered). If so, the one who invokes the function is allowed to mint NFTs (It's NOT secure since there is no verification on whether it is the actual person in the WL).
3/Order Verification
As each NFT token is non-fungible, the automated market maker (AMM) trade policy is hard to be used in NFT markets. Thus, most NFT marketplaces take the order-book trade model.
e.g. the whole trade process of one of the order-book marketplaces: OpenSea.
3.1/Order Verification
The market contract will validate the order to ensure that the seller signs the sell order (since the buyer initiates the transaction.) — to prevent the buyer buys an asset without the seller’s consent.
4/The Horton Principle is a maxim for cryptographic systems and can be expressed as “Authenticate what is being meant, not what is being said”, it requires signing the action totally and precisely. If the signature is partially or non-accurate, the result will be disastrous.
5/Suggestion
- Put all information that to be verified in the signature. Check the consistency of the data in the signed message with the runtime value.
- The message to be signed needs to be deterministically encoded.
2/ As a cross-bridge project, Nomad adopts a merkle-proof technology to verify that user requests are valid. By calling **process** function, a user can pass the request message to the contract.
3/ The verification procedure in the **process** function firstly finds the corresponding Merkle root by the hash of the message and the Merkle root is then passed into the **acceptableRoot** function to see if it is legal or not.
2/ Two addresses (0x1efdcdcb and 0xb773b412) continuously trade the token at a very high price (100 ETH). As a result, the total wash trading volume is up to 600 ETH!
3/ Wash trading is usually used to mislead users/investors. However, wash trading Uniswap V3 Lp tokens seems to be odd because Uniswap V3 Lp token only represents a position in the Uniswap pool. We performed a further investigation to find out the facts.
2/ As a result, an attacker can sell a worthless NFT to a buyer (as a parameter passed to the function) without the buyer's consent, in case the buyer has approved to this contract.
3/ This contract has another similar vulnerability that an attacker can buy a seller's NFT using a very low price without the seller's consent (the NFT should be approved to this exchange). That's because fillBuyOrder does not check the seller's signature.
2/ the attacker borrowed 131,162.00 WBNB and 91,035,000.00 using the flash loan.
Then the attacker swapped the 131,162.00 WBNB to 34,244 ELEPHANT Token.
3/ the attacker mint TURNK token by providing BUSD. In particular, the vulnerable contract will first swap BUSD to WBNB and then use ELEPHANT to buy ELEPHANT. During this process, the price of ELEPHANT will raise. The attacker got TRUNK token.
1/5) We have seen the cases that the cat-mouse game is happening in the crypto world. One case is that the token is trying to obfuscate its logic.
This token Moonpro (Moonpro) bscscan.com/address/0xd4c6… has an "interesting" logic to obfuscate its 'transfer' function.
2/5) first, only Elon() can transfer the token
3/5) Then the onlyElon() will invoke Tesla() function, which further fires(DOGE()). During the fire function, it's a delegratecall to another contract.