Cybersecurity firm Sayfer has identified a new vulnerability affecting 10% of all NFT projects. The so-called BadReveal vulnerability attacks the minting process of non-fungible tokens, which are meant to be generated randomly. By exploiting the BadReveal bug, an attacker could claim the best and most valuable NFTs at launch before reselling them for great profit on the secondary market.
With most NFT projects, tokens are minted blindly to ensure a fair distribution of NFTs, whose rarity traits can differ greatly. Within days of the mint being completed, the ‘reveal’ occurs whereupon the metadata is made public and buyers can ascertain the characteristics of their NFT. If an attacker somehow manages to access the metadata before it is revealed, they could use this information to snap up valuable unrevealed NFTs.
While analyzing the code for leading NFT projects, Sayfer researchers found that many of them entail two different transactions in the reveal process. The project owner first sets the unique metadata for the reveal and then later reveals the data to the public. In the time between these two transactions, which is typically hours or even days, a skilled attacker can scan all NFT metadata in the project and pinpoint the rarest tokens.
Sayfer found the vulnerability in dozens of projects whose codebase it assessed, and believes it is replicable in thousands more. Its team has stated that since there is no way to automatically test for the presence of the BadReveal vulnerability, NFT projects should commission a security audit prior to launch. This will give the community faith in the integrity of the minting process and ensure a fair distribution of NFTs to owners who will become passionately involved with the project.
Sayfer is a leading consultant cybersecurity company. We make organizations safer with ad-hoc solutions that close the gaps common security products fail to reach. Our clients enjoy fast, bespoke solutions that prevent major security breaches. Sayfer specializes in offensive defense by leveraging approaches that imitate the attacker’s behavior. Through reverse-engineering and vulnerability research, we are able to find novel security breaches in our client’s products and prevent the real bad guys from threatening our clients.