NFT Security
NFT
NFT (Non-Fungible Token) contracts and marketplaces have unique vulnerabilities including metadata manipulation, signature replay, and marketplace-specific issues.
Common NFT Vulnerabilities
solidity
// VULNERABLE: Predictable token IDs allow front-running
contract VulnerableNFT is ERC721 {
uint256 public nextTokenId;
function mint() public payable {
_mint(msg.sender, nextTokenId); // Predictable!
nextTokenId++;
}
}
// VULNERABLE: Metadata can be changed post-mint
contract ChangeableNFT is ERC721 {
mapping(uint256 => string) private _tokenURIs;
function setTokenURI(uint256 tokenId, string memory uri) public {
// No ownership check!
_tokenURIs[tokenId] = uri;
}
}
// VULNERABLE: Reentrancy in mint
contract ReentrableNFT is ERC721 {
function mint(uint256 quantity) public payable {
for (uint i = 0; i < quantity; i++) {
_safeMint(msg.sender, nextId++);
// safeMint calls onERC721Received - reentrancy!
}
}
}Marketplace Attacks
text
// Signature replay attacks
// - Listing signatures can be replayed if not properly invalidated
// - Cross-chain replay (same sig works on multiple chains)
// OpenSea Wyvern exploit (2022)
// - Users had old listings they forgot about
// - Attacker bought NFTs at old (low) prices
// Approval attacks
// - Marketplace contracts need setApprovalForAll
// - If marketplace is compromised, all approved NFTs at risk
// Testing checklist:
// 1. Check signature validation
// 2. Look for replay protection (nonces, deadlines)
// 3. Verify ownership checks
// 4. Test metadata mutability
// 5. Check royalty enforcement
// 6. Test listing cancellation