OpenSea vulnerability nets user 347 ETH
OpenSea NFT marketplace users were warned about a vulnerability that allows buying expensive tokens at undervalued prices.
BREAKING: Everyone head to https://t.co/nRpSAHivfe
and make sure all of your old listings are cancelled. There is currently an exploit on @opensea letting someone buy your NFTs for old listing prices. This is happening right now!!— Hustler (@0xHustler) January 24, 2022
A user going by the pseudonym jpegdegenlove was implicated in exploiting the OpenSea API vulnerability on the Rarible platform. According to Etherscan, the manipulation earned him 347 ETH ($784,830 at the time of writing).
A user named jpegdegenlove on OpenSea is suspected of using the vulnerability to buy low and sell high, making a profit of more than 250 ETH. The NFTs involved include BAYC #9991, BAYC #8924, MAYC #4986, etc. https://t.co/H1IJiZkl2Z https://t.co/cc4djcIWEj pic.twitter.com/3aMpc6mI7H
— Wu Blockchain (@WuBlockchain) January 24, 2022
On December 31, 2021, the founder of freshdrops drew attention to the bug and urged OpenSea to fix it. He said that delisting a token from the platform incurs an additional fee, the size of which can be substantial given the drop in the collection’s value. In addition to the thread, the author noted that this concerns gas costs.
1. OS doesn’t charge a delisting fee, it’s the cost of gas to remove the listing from the blockchain.
OS is not pocketing ETH to delist an item.— cap10bad.ΞTH | freshdrops.io (@cap10bad) January 24, 2022
Users found a workaround — when transferring the NFT to an external wallet, it disappears from the marketplace listing. However, the token remains available for purchase on Rarible via the OpenSea API at the old price if it is returned to the original wallet.
However, freshdrops noted that this is not an OpenSea error as such. According to him, the problem is that “the NFT holder cannot see these listings anywhere to cancel them”.
4. This is not a bug, per se, on OS’s part. The issue is that there is nowhere obvious for an NFT holder to see these listings to cancel them.
IMHO, the obvious place they should be displayed is where the holder created the listing, on OS.— cap10bad.ΞTH | freshdrops.io (@cap10bad) January 24, 2022
OpenSea said it has launched a new feature to view and cancel listings.
What’s going on:
Listings made a long time ago are resurfacing when items transfer back into lister’s wallets.What we did:
We can’t cancel these orders for listers, so to fix the problem, we launched a new listings manager today.https://t.co/jy2sUhaBUA pic.twitter.com/6b8lHmkEYN— OpenSea (@opensea) January 24, 2022
In a comment to The Block, a representative of the marketplace said that OpenSea changed the default listing duration from six to one month.
OpenSea also plans to notify users when transferring tokens tied to an active listing from their wallet. A spokesperson said that “OpenSea is actively engaging with those affected and reimbursing their costs”.
Earlier, the number of OpenSea users surpassed 1 million.
From January 1 to January 17, 2022, the marketplace’s trading volume reached $3.52 billion — a figure the established maximum set in August 2021.
In September 2021, an OpenSea bug led to the destruction of 42 NFTs worth $100,000.
Follow ForkLog news on VK!
Рассылки ForkLog: держите руку на пульсе биткоин-индустрии!