New vulnerability discovered in OpenSea's old contract; users with unrevoked authorizations are at risk of having their NFTs stolen
ChainCatcher news: the browser security plugin Pocket Universe reports that a new vulnerability has been discovered in the old OpenSea contract that can be used to steal users' NFTs. Once a transaction is signed, the wallet may be emptied. The exploit can steal any NFT listed by users on OpenSea before May 2022 (i.e., before the Seaport upgrade).
Previously, OpenSea used the Wyvern protocol to match orders, and when users listed NFTs they granted the proxy contract permission to withdraw them (i.e., the usual setApprovalForAll permission). This proxy contract therefore still has the right to withdraw NFTs listed by users before May 2022. The new exploit entices users to sign a transaction that gives attackers ownership of the user's proxy contract, and with it the right to withdraw the user's NFTs.
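For readers checking their own exposure, the following added example (not part of the original report) replays ApprovalForAll event logs to find collections where a wallet's setApprovalForAll grant to an operator was never revoked. All addresses and log entries are constructed placeholders, PROXY stands in for the user's own proxy contract address, which the report does not give, and the log dictionaries are assumed to use eth_getLogs field names with block number and log index already converted to integers.

```python
# Added example: replay ApprovalForAll logs to find operator approvals that are
# still active for a wallet. Every address and log below is constructed.
APPROVAL_FOR_ALL = "0x17307eab39ab6107e8899845ad3d59bd9653f200f220920489ca2b5937696c31"

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def active_operator_approvals(logs, owner):
    """Return {collection: {operators}} that are still approved for owner."""
    state = {}
    # A later event overrides an earlier one, so replay in chain order.
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_FOR_ALL:
            continue  # not an ApprovalForAll event
        if topic_to_address(topics[1]) != owner.lower():
            continue  # approval granted by some other wallet
        operators = state.setdefault(log["address"].lower(), set())
        if int(log["data"], 16) != 0:  # ABI-encoded bool: approved
            operators.add(topic_to_address(topics[2]))
        else:  # approval revoked
            operators.discard(topic_to_address(topics[2]))
    return {c: ops for c, ops in state.items() if ops}

def collections_exposed_to(logs, owner, operator):
    """Collections where operator can still move owner's NFTs."""
    active = active_operator_approvals(logs, owner)
    return sorted(c for c, ops in active.items() if operator.lower() in ops)

def _log(collection, block, owner, operator, approved, topic0=APPROVAL_FOR_ALL):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": collection, "blockNumber": block, "logIndex": 0,
            "topics": [topic0, pad(owner), pad(operator)],
            "data": "0x" + format(int(approved), "064x")}

OWNER, PROXY, OTHER = ("0x" + b * 20 for b in ("aa", "bb", "cc"))  # placeholders
COLL_A, COLL_B = "0x" + "01" * 20, "0x" + "02" * 20                # placeholders
SAMPLE_LOGS = [
    _log(COLL_B, 200, OWNER, PROXY, False),  # later revocation of the block-110 grant
    _log(COLL_A, 100, OWNER, PROXY, True),   # listing-time approval, never revoked
    _log(COLL_B, 110, OWNER, PROXY, True),
    _log(COLL_A, 120, OTHER, PROXY, True),   # different wallet, ignored
    _log(COLL_A, 130, OWNER, PROXY, False, topic0="0x" + "00" * 32),  # other event
]

if __name__ == "__main__":
    print(collections_exposed_to(SAMPLE_LOGS, OWNER, PROXY))
```

Any collection this returns for a real wallet is one where setApprovalForAll should be called again with approved set to false for that operator.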