Trusted

Are Foundation NFTs at Risk? DefiLlama Co-Founder Sheds Light on Exploit

2 mins
Updated by Geraint Price
Join our Trading Community on Telegram

In Brief

  • DefiLlama co-founder 0xngmi reveals a vulnerability in Foundation's NFT contracts.
  • 0xngmi claimed that Foundation NFTs were just two transaction away from destruction.
  • However Foundation CTO has explained that the issue has been solved.
  • promo

The pseudonymous co-founder of the DeFi data aggregator platform DefiLlama, shed light on vulnerabilities that could erase all the NFTs minted using the Foundation’s contract.

In the Web3 industry, most projects have open-sourced code, allowing other developers to view the source code of various platforms. This also enables other developers to contribute to the project and flag certain vulnerabilities or bugs.

Foundation NFTs Two Transactions Away From Being Destroyed?

0xngmi, the anon co-founder of DefiLlama, wrote a Twitter thread highlighting an exploit in Foundation’s non-fungible token (NFT) contracts. Foundation is a platform that allows the creation and trading of NFTs

While NFTs are supposed to be immutable, 0xngmi argues that the NFTs minted using Foundation’s contracts “are just two transactions away from being destroyed.”

Screenshot of DefiLlama's co-founder  0xngmi's tweets
Source: Twitter

0xngmi Explains Vulnerability

According to 0xngmi, NFTs minted on Foundation utilize a common smart contract for saving gas fees. Moreover, Foundation has a feature that allows contract owners to destroy it if it has no NFTs.

Hence, if the Foundation team or certain bad actors destroy this common contract, all the collection contracts might stop working.

Screenshot of DefiLlama's co-founder  0xngmi's tweets
Source: Twitter

Two-out-of-six multi-sig protects the common smart contract. If any two keys get exposed to hackers, they could hold the NFTs for ransom or destroy them. 

0xngmi further reveals that he reported the exploit six months ago, but the Foundation team did not update him. Additionally, they asked for 0xngmi’s ‘know your customer” (KYC) detail that might reveal the identity of the anonymous co-founder.

0xngmi shares the timeline of his interaction with Foundation team
Source: Twitter

Lastly, the CTO of the Foundation replied to the thread on Thursday, updating the situation. He wrote:

“This has been fixed for contracts deployed before 3/6.

Contracts deployed after 3/6 were already safe – the owner of the implementation contract was set to 0, and the contract could not have been self-destructed [sic].”

BeInCrypto has reached out to Foundation but has yet to receive a reply.

Read our complete guide on how to create free NFTs here.

The white hat activities or reporting vulnerabilities to the project secures the Web3 ecosystem for its users. In 2022, white hat hackers saved over $20 billion by reporting the vulnerabilities, giving the projects a chance to fix them. 

Got something to say about Foundation NFTs or anything else? Write to us or join the discussion on our Telegram channel. You can also catch us on TikTok, Facebook, or Twitter.

For BeInCrypto’s latest Bitcoin (BTC) analysis, click here.

🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

Harsh.png
Harsh Notariya
Harsh Notariya is an Editorial Standards Lead at BeInCrypto, who also writes about various topics, including decentralized physical infrastructure networks (DePIN), tokenization, crypto airdrops, decentralized finance (DeFi), meme coins, and altcoins. Before joining BeInCrypto, he was a community consultant at Totality Corp, specializing in the metaverse and non-fungible tokens (NFTs). Additionally, Harsh was a blockchain content writer and researcher at Financial Funda, where he created...
READ FULL BIO
Sponsored
Sponsored