DefiLlama Co-Founder Reveals an Exploit in Foundation NFTs

Coinmama
Are Foundation NFTs at Risk? DefiLlama Co-Founder Sheds Light on Exploit
Blockonomics

[ad_1]

The pseudonymous co-founder of the DeFi data aggregator platform DefiLlama, shed light on vulnerabilities that could erase all the NFTs minted using the Foundation’s contract.

In the Web3 industry, most projects have open-sourced code, allowing other developers to view the source code of various platforms. This also enables other developers to contribute to the project and flag certain vulnerabilities or bugs.

Foundation NFTs Two Transactions Away From Being Destroyed?

0xngmi, the anon co-founder of DefiLlama, wrote a Twitter thread highlighting an exploit in Foundation’s non-fungible token (NFT) contracts. Foundation is a platform that allows the creation and trading of NFTs

While NFTs are supposed to be immutable, 0xngmi argues that the NFTs minted using Foundation’s contracts “are just two transactions away from being destroyed.”

Betfury
Screenshot of DefiLlama's co-founder  0xngmi's tweets
Source: Twitter

0xngmi Explains Vulnerability

According to 0xngmi, NFTs minted on Foundation utilize a common smart contract for saving gas fees. Moreover, Foundation has a feature that allows contract owners to destroy it if it has no NFTs.

Hence, if the Foundation team or certain bad actors destroy this common contract, all the collection contracts might stop working.

Screenshot of DefiLlama's co-founder  0xngmi's tweets
Source: Twitter

Two-out-of-six multi-sig protects the common smart contract. If any two keys get exposed to hackers, they could hold the NFTs for ransom or destroy them. 

0xngmi further reveals that he reported the exploit six months ago, but the Foundation team did not update him. Additionally, they asked for 0xngmi’s ‘know your customer” (KYC) detail that might reveal the identity of the anonymous co-founder.

0xngmi shares the timeline of his interaction with Foundation team
Source: Twitter

Lastly, the CTO of the Foundation replied to the thread on Thursday, updating the situation. He wrote:

“This has been fixed for contracts deployed before 3/6.

Contracts deployed after 3/6 were already safe – the owner of the implementation contract was set to 0, and the contract could not have been self-destructed [sic].”

BeInCrypto has reached out to Foundation but has yet to receive a reply.

Read our complete guide on how to create free NFTs here.

The white hat activities or reporting vulnerabilities to the project secures the Web3 ecosystem for its users. In 2022, white hat hackers saved over $20 billion by reporting the vulnerabilities, giving the projects a chance to fix them. 

Got something to say about Foundation NFTs or anything else? Write to us or join the discussion on our Telegram channel. You can also catch us on TikTok, Facebook, or Twitter.

For BeInCrypto’s latest Bitcoin (BTC) analysis, click here.

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content.

[ad_2]

Source link

Binance