Last updated on June 23rd, 2023 at 05:05 pm
NFT platform Foundation has successfully resolved a critical issue related to a self-destruct capability that posed a threat to NFTs created on the platform.
Elpizo Choi, Foundation’s CTO, took to Twitter to announce that the problem had been resolved for contracts deployed before March 6. Choi added that contracts deployed after that date were already secure, as the implementation contract’s owner had been set to 0, effectively preventing the possibility of self-destruction.
This has been fixed for contracts deployed before 3/6.
Contracts deployed after 3/6 were already safe – the owner of the implementation contract was set to 0, and the contract could not have been self destructed.
— Elpizo Choi (@elpizoch) June 22, 2023
The problem was initially brought to the public’s attention on June 21, 2023, by 0xngmi, co-founder of DeFiLlama, a crypto analytics service provider. 0xngmi noted that he had reported this issue to the platform six months ago, but nothing concrete was done.
According to 0xngmi, foundation’s NFT collections utilize a “forwarder proxy” in conjunction with a single deployer contract, which helps reduce transaction fees during contract deployments. However, the deployer contract contained a self-destruct feature that posed a significant threat to all collections created on the platform, despite its original intention of allowing authors to voluntarily destroy their collections if needed.
At the time of the discovery, the contract was protected by a “2-out-of-6 multi-signature wallet.” This meant that if an attacker gained access to the account and obtained two signatures from the Foundation team, they could take control of the deployer contract and make unauthorized changes. The concern was that a hacker obtaining both keys could hold all NFTs hostage or destroy them entirely.
In a GitHub article, 0xngmi outlined how they replicated the attack and confirmed that the contract’s owner could render all NFTs useless. 0xngmi also pointed out that though Foundation NFT collectors had assumed that their assets were immutable on the blockchain and couldn’t be altered, all NFTs on the platform were just two transactions away from potential destruction. Though the actual content of the NFTs might remain intact, there was a risk to the associated metadata.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
