Main navigation

One Simple Function Could Ruin Biggest NFT Collection in World: Details

Fri, 02/04/2022 - 10:39
article image
Arman Shirinyan
One line of code could have ruined entire collection
One Simple Function Could Ruin Biggest NFT Collection in World: Details
Cover image via
Read U.TODAY on
Google News

According to data from the minting smart contract of the world's biggest NFT collection, Bored Ape Yacht Club, the owner of the wallet tied to the contract is currently able to mint an infinite quantity of NFT pieces.

The "vulnerability"

As the function "reserveApes" in the contract suggests, it should "Set some Bored Apes aside" but, in fact, the function allows minting of 30 apes at a time without even paying network fees of 0.08 ETH. But the main problem is that the function allows the infinite minting of the collection.

OpenSea Vulnerability Leads to Exploit of Numerous NFTs, Hacker Makes 150 ETH

The code was more likely "left open" accidentally, and there should be another function that would prevent the "reserveApes" function from being repeated by the owner. As the on-chain data suggests, the account ending with "EE4D03" is still active and could mint more apes.

In addition to the function that could potentially ruin the floor price of the whole collection, the wallet has the authority to change the metadata tied to each existing non-fungible token within the collection.

But while the exploit still exists in the code, it is still possible to avoid an unpleasant situation by calling the function to renounce ownership.

NFT industry going through a tough period

Previously, numerous NFT-related exploits took place in the space with the biggest NFT marketplace, OpenSea, facing a technical problem with their API that allowed a user to buy and sell non-fungibles for cheaper prices and then sell them for the market price.

Later on, hackers managed to steal eight NFT pieces from the marketplace by once again exploiting the vulnerability. The stolen pieces were related to collections like Cool Cat and Bored Ape Yacht Club. The hacker's wallet was valued at $117,000.

article image
About the author

Arman Shirinyan is a trader, crypto enthusiast and SMM expert with more than four years of experience.

Arman strongly believes that cryptocurrencies and the blockchain will be of constant use in the future. Currently, he focuses on news, articles with deep analysis of crypto projects and technical analysis of cryptocurrency trading pairs.