Skip to content

NFT

NFT

3 Part series for making a NFT

Versions

ERC-20 Schema:
ERC20 tokens are basically what we will call “Fungible Tokens”. Fungibility is the ability of a good or asset to be readily interchanged for another of like kind. Think of two 1 dollar notes. Both the notes are different, but their value is exactly the same. The same is the case in an ERC20 token. Each token is worth the exact same as the other tokens in value.

ERC-721 Schema:
ERC721 are what are called "Non-Fungible tokens"

{
  "name": "Buzz",
  "description": "Paper collage, using salvaged and original watercolour papers", 
  "image": "https://ipfs.infura.io/ipfs/QmWc6YHE815F8kExchG9kd2uSsv7ZF1iQNn23bt5iKC6K3/image",
  "meta": "https://ipfs.infura.io/ipfs/QmWc6YHE815F8kExchG9kd2uSsv7ZF1iQNn23bt5iKC6K3/other"
}

ERC-1155:
ERC-1155 allows you to create Fungible, Non-Fungible, and Semi-Fungible in one single token standard. Both Fungible and Non-Fungible tokens can be created using the same standard.

{
    "title": "Token Metadata",
    "type": "object",
    "properties": {
        "name": {
            "type": "string",
            "description": "Identifies the asset to which this token represents"
        },
        "decimals": {
            "type": "integer",
            "description": "The number of decimal places that the token amount should display - e.g. 18, means to divide the token amount by 1000000000000000000 to get its user representation."
        },
        "description": {
            "type": "string",
            "description": "Describes the asset to which this token represents"
        },
        "image": {
            "type": "string",
            "description": "A URI pointing to a resource with mime type image/* representing the asset to which this token represents. Consider making any images at a width between 320 and 1080 pixels and aspect ratio between 1.91:1 and 4:5 inclusive."
        },
        "properties": {
            "type": "object",
            "description": "Arbitrary properties. Values may be strings, numbers, object or arrays."
        }
    }
}

Inter Planetary File System (IPFS)

is a protocol and peer-to-peer network for storing and sharing data in a distributed file system. IPFS uses content-addressing to uniquely identify each file in a global namespace connecting all computing devices.

The most Secure way to store info using IPFS is to pin the hash to a specific node that you host the file on.

Security

NFT are Files and they contain their own security issues. The most common files are Image and Video. These may contain SSRF, XSS and other types of issues when providing it to a user.

Known Attacks:
https://timdaub.github.io/2021/04/22/nft-sleepminting-beeple-provenance/
https://twitter.com/kelvinfichter/status/1489041221947375616?t=U21D7BqJr951KfKUiTHUmA&s=09
https://research.kudelskisecurity.com/2022/02/03/quick-analysis-of-the-wormhole-attack/
https://marketrealist.com/p/wormhole-hack-explained/

Pshing Attacks

setApprovalForAll Attack

NFT Specific Security

  • Roles and permissions of owners/controllers/etc. address do not impact ownership of NFTs.
  • Required ownership and balance checks are implemented via ownerOf(uint256) and balanceOf(address) and marked as view.
  • No mechanisms (e.g. require() in modifiers) that can make calls to balanceOf(address) or ownerOf(uint256) fail. Unless the tokenId is invalid.
  • If minting is implemented, it emits the regular NFT transfer event, and specifies the zero-address as from address.
    • This is not required in EIP-721 but are conditions of EIP-1155.
  • If burning is implemented, it emits the regular NFT transfer event, and specifies the zero-address as to address.
    • This is not required in EIP-721 but are conditions of EIP-1155.

ETH Smart Contracts Security

  • Collection has its Smart Contract code open sourced
    • Linked and verified by etherscan
  • NFT contract is not upgradable
  • The owner has limited minting capabilities
  • NFT contract can't be killed (no selfdestruct, no suicide)
  • NFT contract does not use delegatecall
    • Other contracts can't modify state of token contract.
  • NFT is an ERC721 token or an ERC1155 token, but not both
  • ERC-721 Contract
    • Use slither-check-erc to check for ERC721 Conformity
      • Required transfer functions are implemented
      • The function safeTransferFrom calls compatibility functions on the receiver address
      • All transfer functions (safeTransferFrom and others) emit the event Transfer(address indexed from, address indexed to, uint256 amount). or the ERC-721 event per NFT.
      • Batch transfers must emit per NFT Transfer(address indexed from, address indexed to, uint256 amount)
    • The contract is built on OpenZeppelin ERC721 Contract
      • Contact Uses SafeMath
  • ERC-1155 Contract
    • Use slither-check-erc to check for ERC-1155 Conformity
      • Required transfer functions are implemented
      • The function safeTransferFrom calls compatibility functions on the receiver address
      • All transfer functions (safeTransferFrom and others) emit the event Transfer(address indexed from, address indexed to, uint256 amount).
      • Batch transfers must emit a single TransferBatch(address indexed _operator, address indexed _from, address indexed _to, uint256[] _ids, uint256[] _values)
    • The contract is built on OpenZeppelin ERC-1155 Contract
      • Contact Uses SafeMath
  • The token is not pausable
  • The owner cannot blacklist an individual address
  • Batch-transfer functionality
    • There is no code that would re-direct the NFT transfer to an address other than to.
    • There is no code that would burn the NFT on transfer.
    • No external calls made in safeTransferFrom() code excluding the required onERC721Received or onERC1155Received. No re-entrancy possible.
    • NFTs are owned by a single address. No other address can move or burn owner's funds.
    • NFT approvals/allowances are cleared on transfer.
  • Validate all JSON field values
  • The metadata exists and resides in an immutable data store
  • The resources pointed to by the URIs exist
  • JSON files do not contain duplicate keys
    • This may cause confusion in JSON parsers
  • Ensure that the processed JSONs such as the NFTs on-chain or off-chain
  • Linked metadata files are Image or Video files
    • Files are run through metadefender to check for Attack Vectors like SSRF.
      • Image/videos do not contain ImageTragik Exploits or FFmpeg HLS vulnerabilities
      • Picture Metadata does not contain any malicious payloads
      • SVG images do not contain any XSLT,XXE,SSRF,XSS,or XML injection payloads
      • Image files do not have image dimensions defined in the file that are not represented by the data.
  • Limit Schemas to http/https/ipfs (Check if others are in use)
  • Hash Files in cache with notification when/if they are changed.

Solana Smart Contracts

  • The collection is built on Metaplex
  • The number of items to be listed is the same as the total number in the collection
  • Images generally reflect their traits/attributes
  • The items in the collection are immutable, e.g., their metadata URIs cannot be changed
  • The content URLs pointed to by off-chain metadata exists and are stored in an immutable data store
  • The items’ off-chain metadata exists and is stored in an immutable data store.
    • Solana Explorer
    • Off-chain metadata fields values match the on-chain ones
  • Candy Machines
    • The Collection does not use hidden settings.
    • Ensure that the hidden settings hash field does not appear in the past
  • JSON Data
    • Validate all JSON field values
    • The metadata exists and resides in an immutable data store
    • The resources pointed to by the URIs exist and
    • Ensure that the processed JSONs such as the NFTs on-chain or off-chain
    • metadata JSONs do not contain duplicate keys