Sunday, December 4, 2022
 

BlockSec Report 2022: 54.5K NFT Contracts Have Privilege Functions

  • BlockSec and NFTGo 2022 report revealed 54.5k NFT contracts allow privilege functions.
  • 61.8% of NFT projects are over-centralised & 50% are capitalized by one user.
  • Wash trading transaction volume reached 9.8 million ETH or $15.2 billion.

BlockSec and NFTGo have published their 2022 NFT security report. which revealed the prominent security risks of the NFT ecosystem.

The report focuses on off-chain NFT security risks that determine the safety of digital assets stored off the blockchain, as well as, the on-chain NFT security risks which mean the risks driven by smart contracts and transactions happening on the blockchain.

Moreover, the report displays a systematic study of all 25,900,000 NFT transactions that have taken place on the Ethereum blockchain network from July 2015 to August 2022, including 119,900 NFT contracts and 83,100,000 issued NFT tokens.

The report suggests 5 major observations. Firstly, 16.1k out of 84.8k (19%) NFT projects have NFT assets that are inaccessible. Meaning that digital asset tokens worth around 330.2K Ether ($515 million) are at the risk of becoming worthless and causing major financial loss to their owners.

Next, almost 55.4% of open-source NFT contracts display reentrancy and improper access control issues. In addition, 54.5k NFT contracts have privilege functions that enable privileged users to operate other users’ assets without permission.

Thirdly, BlockSec discovered 1,960 sleepmint transactions involving 75 NFT contracts. A sleepmint contract is when an attacker mints an NFT to a high-profile person without their permission, using privilege functions, and then transfers the token to the attacker’s account and lists it on the market.

BlockSec also found that nearly 61.8% of NFT projects are under holder pooling risk, which occurs when a few users known as the “big whales”, own maximum tokens in an NFT project. This abnormal on-chain market behaviour disturbs the liquidity of the market and its robustness via ownership concentrations. Currently, 50% of the tokens in the projects are owned by one user.

Lastly, the report concluded that 43.0% of the total trading volume on OpenSea, LooksRare, and X2Y2, reaching 9.8M ETH or $15.2B are wash trading transactions. Wash trading is a market manipulation tactic where a user buys and sells the same NFT collections without incurring market risk or changing the trader’s market position.

  • BlockSec and NFTGo 2022 report revealed 54.5k NFT contracts allow privilege functions.
  • 61.8% of NFT projects are over-centralised & 50% are capitalized by one user.
  • Wash trading transaction volume reached 9.8 million ETH or $15.2 billion.

BlockSec and NFTGo have published their 2022 NFT security report. which revealed the prominent security risks of the NFT ecosystem.

The report focuses on off-chain NFT security risks that determine the safety of digital assets stored off the blockchain, as well as, the on-chain NFT security risks which mean the risks driven by smart contracts and transactions happening on the blockchain.

Moreover, the report displays a systematic study of all 25,900,000 NFT transactions that have taken place on the Ethereum blockchain network from July 2015 to August 2022, including 119,900 NFT contracts and 83,100,000 issued NFT tokens.

The report suggests 5 major observations. Firstly, 16.1k out of 84.8k (19%) NFT projects have NFT assets that are inaccessible. Meaning that digital asset tokens worth around 330.2K Ether ($515 million) are at the risk of becoming worthless and causing major financial loss to their owners.

Next, almost 55.4% of open-source NFT contracts display reentrancy and improper access control issues. In addition, 54.5k NFT contracts have privilege functions that enable privileged users to operate other users’ assets without permission.

Thirdly, BlockSec discovered 1,960 sleepmint transactions involving 75 NFT contracts. A sleepmint contract is when an attacker mints an NFT to a high-profile person without their permission, using privilege functions, and then transfers the token to the attacker’s account and lists it on the market.

BlockSec also found that nearly 61.8% of NFT projects are under holder pooling risk, which occurs when a few users known as the “big whales”, own maximum tokens in an NFT project. This abnormal on-chain market behaviour disturbs the liquidity of the market and its robustness via ownership concentrations. Currently, 50% of the tokens in the projects are owned by one user.

Lastly, the report concluded that 43.0% of the total trading volume on OpenSea, LooksRare, and X2Y2, reaching 9.8M ETH or $15.2B are wash trading transactions. Wash trading is a market manipulation tactic where a user buys and sells the same NFT collections without incurring market risk or changing the trader’s market position.

 

Latest news