The National Basketball Association (NBA) revealed pausing minting of its new non-fungible token collection, dubbed – The Association – after a major loophole was detected by BlockSec. Less than a day after the league announced the minting of its Ethereum-based non-fungible token (NFT), it recognized the issues with the smart contract that triggered the “Allow List” supply to sell out prematurely. The Flaw Blockchain security firm, BlockSec revealed identifying a serious vulnerability that could have allowed a malicious entity to mint a large number of NFTs, without paying any tokens. According to the official blog post, the company said the main reason behind the flaw is the incorrect use of signature verification. This essentially means that the contract fails to ensure
Topics:
Chayanika Deka considers the following as important: AA News, Non-Fungible Token (NFT), social
This could be interesting, too:
Wayne Jones writes South Korea’s Crypto Investor Base Increased by 21% in 2024 H1: Report
Jordan Lyanchev writes Is This The Last Week Bitcoin (BTC) Will Ever Be Below K?
Wayne Jones writes RWA Sector Poised for 0B Growth by 2030: Report
Wayne Jones writes London Teen Accused of Helping Al Qaeda Raise Funds in Crypto: Report
The National Basketball Association (NBA) revealed pausing minting of its new non-fungible token collection, dubbed – The Association – after a major loophole was detected by BlockSec. Less than a day after the league announced the minting of its Ethereum-based non-fungible token (NFT), it recognized the issues with the smart contract that triggered the “Allow List” supply to sell out prematurely.
The Flaw
Blockchain security firm, BlockSec revealed identifying a serious vulnerability that could have allowed a malicious entity to mint a large number of NFTs, without paying any tokens. According to the official blog post, the company said the main reason behind the flaw is the incorrect use of signature verification.
This essentially means that the contract fails to ensure that the signature can only be used by the user (and only the user) once. The vulnerability also allowed the attacker to reuse a privileged user’s signature and mint tokens to themselves.
The company stated,
“We are surprised that how such a vulnerability can exist in a popular NFT project. The whole community needs to pay more attention to the security of the contract.”
The attacker reportedly managed to mint 100 NFTs and sell them on the OpenSea marketplace. The latest development depicts, once again, the necessity of evaluating the security of a smart contract.
A Twitter user said,
“What’s even more hilarious about this NBA Associated NFT is it’s called V2 on OpenSea. Which means they created a contract, found an error and then released V2 with still the most basic exploit possible in it. Whoever at the NBA choose this partnership needs to be fired.”
The NFT Collection
The NBA had first unveiled the launch of its Web 3 project – “The Association” – which involves 18,000 non-fungible tokens representing all 240 assigned NBA players in this year’s playoffs. Furthermore, 75 NFTs are allocated randomly using Chainlink VRF to each player from the 16 participating teams.
Leveraging Chainlink oracles will allow each player’s NFT appearance to alter automatically. The dynamic NFTs will change in appearance based on the performance of the players. In short, more accomplishments during the 2022 NBA playoffs mean players will see more visual changes in their digital collectibles, throughout the course of the postseason tournament.