One Simple Function Could Ruin Biggest NFT Collection in World: Details


According to data from the minting smart contract of the world’s biggest NFT collection, Bored Ape Yacht Club, the owner of the wallet tied to the contract is currently able to mint an infinite quantity of NFT pieces.

The “vulnerability”

As the function “reserveApes” in the contract suggests, it should “Set some Bored Apes aside” but, in fact, the function allows minting of 30 apes at a time without even paying network fees of 0.08 ETH. But the main problem is that the function allows the infinite minting of the collection.

The code was more likely “left open” accidentally, and there should be another function that would prevent the “reserveApes” function from being repeated by the owner. As the on-chain data suggests, the account ending with “EE4D03” is still active and could mint more apes.

In addition to the function that could potentially ruin the floor price of the whole collection, the wallet has the authority to change the metadata tied to each existing non-fungible token within the collection.

But while the exploit still exists in the code, it is still possible to avoid an unpleasant situation by calling the function to renounce ownership.

Related:  Bitcoin Whales Load Up Over $789,000,000 in BTC in Less Than One Week: Analytics Firm Santiment

NFT industry going through a tough period

Previously, numerous NFT-related exploits took place in the space with the biggest NFT marketplace, OpenSea, facing a technical problem with their API that allowed a user to buy and sell non-fungibles for cheaper prices and then sell them for the market price.

Later on, hackers managed to steal eight NFT pieces from the marketplace by once again exploiting the vulnerability. The stolen pieces were related to collections like Cool Cat and Bored Ape Yacht Club. The hacker’s wallet was valued at $117,000.

Source link