{"id":8697,"date":"2023-06-23T20:51:52","date_gmt":"2023-06-23T20:51:52","guid":{"rendered":"https:\/\/nft.runfyers.com\/index.php\/2023\/06\/23\/warning-bell-for-foundation-nfts-defillama-co-founder-uncovers-vulnerability\/"},"modified":"2023-06-23T20:51:52","modified_gmt":"2023-06-23T20:51:52","slug":"warning-bell-for-foundation-nfts-defillama-co-founder-uncovers-vulnerability","status":"publish","type":"post","link":"https:\/\/nft.runfyers.com\/index.php\/2023\/06\/23\/warning-bell-for-foundation-nfts-defillama-co-founder-uncovers-vulnerability\/","title":{"rendered":"Warning Bell for Foundation NFTs? DefiLlama Co-Founder Uncovers Vulnerability"},"content":{"rendered":"<p><\/p>\n<div>\n<p>Foundation NFTs might be just a few clicks away from disappearing forever, DefiLlama cofounder 0xngmi explained in a Twitter thread that caught collectors\u2019 attention instantly.<\/p>\n<p><strong>TL;DR<\/strong><\/p>\n<ul>\n<li>The <a href=\"https:\/\/nftevening.com\/the-new-foundation-nft-marketplace-update-is-here-and-its-ugly\/?swcfpc=1\" target=\"_blank\" rel=\"noopener\">Foundation NFT marketplace<\/a>\u2018s smart contracts could allegedly be manipulated and destroyed because of a default feature that allows creators to erase collections;<\/li>\n<li>The smart contracts have a two-out-of-six multi-sig protection, but hackers could compromise the contract by bypassing both safety keys.<\/li>\n<li>Foundation claims to have fixed the smart contract issue, but the accusations have raised concerns about the immutability of Foundation NFTs.<\/li>\n<\/ul>\n<figure id=\"attachment_107595\" aria-describedby=\"caption-attachment-107595\" style=\"width: 1018px\" class=\"wp-caption aligncenter\"><noscript><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-107595 size-full\" src=\"https:\/\/nftevening.com\/wp-content\/uploads\/2023\/06\/foundation-nfts-marketplace.png.webp\" alt=\"\" width=\"1018\" height=\"675\" srcset=\"https:\/\/nftevening.com\/wp-content\/uploads\/2023\/06\/foundation-nfts-marketplace.png.webp 1018w,  https:\/\/nftevening.com\/wp-content\/uploads\/2023\/06\/foundation-nfts-marketplace-300x199.png.webp 300w,  https:\/\/nftevening.com\/wp-content\/uploads\/2023\/06\/foundation-nfts-marketplace-768x509.png.webp 768w,  https:\/\/nftevening.com\/wp-content\/uploads\/2023\/06\/foundation-nfts-marketplace-84x56.png.webp 84w,  https:\/\/nftevening.com\/wp-content\/uploads\/2023\/06\/foundation-nfts-marketplace-150x99.png.webp 150w,  https:\/\/nftevening.com\/wp-content\/uploads\/2023\/06\/foundation-nfts-marketplace-450x298.png.webp 450w\" sizes=\"(max-width: 1018px) 100vw, 1018px\"\/><\/noscript><figcaption id=\"caption-attachment-107595\" class=\"wp-caption-text\">All of the Foundation NFTs might be at risk of being compromised, DeFi anonymous cofounder 0xngmi tweeted earlier this week.<\/figcaption><\/figure>\n<h2><span id=\"Can_Foundation_NFTs_Be_Manipulated_That_Easily\">Can Foundation NFTs Be Manipulated That Easily?<\/span><\/h2>\n<p>This week, the co-founder of the DeFi platform DefiLlama, 0xngmi, made waves among NFT users with a shocking statement. Accordingly, any smart contract created via the Foundation NFT marketplace can be manipulated and even <em>erased<\/em> within two transactions. But is that truly possible?<\/p>\n<p>Well, the Foundation NFTs have a default feature that helps creators destroy them if they don\u2019t have any digital assets. In other words, the Foundation team can also destroy collections or collectibles in a heartbeat.<\/p>\n<p>What\u2019s more, each smart contract features a two-out-of-six multisig protection, which means there are two safety keys protecting it. However, some hackers might be able to get through both keys and compromise the smart contract instantly.<\/p>\n<p>This information goes against the fact that Foundation\u2019s smart contracts are immutable, as the community believed until now.<\/p>\n<p>Here\u2019s the message 0xngmi shared via social media:<\/p>\n<figure id=\"attachment_107593\" aria-describedby=\"caption-attachment-107593\" style=\"width: 724px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-107593 size-full perfmatters-lazy\" alt=\"Twitter screenshot of a post regarding Foundation NFTs by 0xngmi\" width=\"724\" height=\"459\" src=\"https:\/\/nftevening.com\/wp-content\/uploads\/2023\/06\/foundation-nfts-hacked.png.webp\" srcset=\"https:\/\/nftevening.com\/wp-content\/uploads\/2023\/06\/foundation-nfts-hacked.png.webp 724w,  https:\/\/nftevening.com\/wp-content\/uploads\/2023\/06\/foundation-nfts-hacked-300x190.png.webp 300w,  https:\/\/nftevening.com\/wp-content\/uploads\/2023\/06\/foundation-nfts-hacked-88x56.png.webp 88w,  https:\/\/nftevening.com\/wp-content\/uploads\/2023\/06\/foundation-nfts-hacked-150x95.png.webp 150w,  https:\/\/nftevening.com\/wp-content\/uploads\/2023\/06\/foundation-nfts-hacked-450x285.png.webp 450w\" data-sizes=\"(max-width: 724px) 100vw, 724px\"\/><noscript><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-107593 size-full\" src=\"https:\/\/nftevening.com\/wp-content\/uploads\/2023\/06\/foundation-nfts-hacked.png.webp\" alt=\"Twitter screenshot of a post regarding Foundation NFTs by 0xngmi\" width=\"724\" height=\"459\" srcset=\"https:\/\/nftevening.com\/wp-content\/uploads\/2023\/06\/foundation-nfts-hacked.png.webp 724w,  https:\/\/nftevening.com\/wp-content\/uploads\/2023\/06\/foundation-nfts-hacked-300x190.png.webp 300w,  https:\/\/nftevening.com\/wp-content\/uploads\/2023\/06\/foundation-nfts-hacked-88x56.png.webp 88w,  https:\/\/nftevening.com\/wp-content\/uploads\/2023\/06\/foundation-nfts-hacked-150x95.png.webp 150w,  https:\/\/nftevening.com\/wp-content\/uploads\/2023\/06\/foundation-nfts-hacked-450x285.png.webp 450w\" sizes=\"(max-width: 724px) 100vw, 724px\"\/><\/noscript><figcaption id=\"caption-attachment-107593\" class=\"wp-caption-text\">The anonymous DefiLlama co-founder explained the risks behind Foundation NFTs\u2019 smart contracts via Twitter. Credit: Twitter<\/figcaption><\/figure>\n<p><em>\u201dThe good news is that it\u2019s possible to remove this backdoor by minting 1 NFT in the implementation contract and then transferring it to a burn address. The bad news is that I disclosed this issue to Foundation ~6 months ago, along with a fix, and it hasn\u2019t been fixed yet,\u201d<\/em> 0xngmi added <a href=\"https:\/\/twitter.com\/0xngmi\/status\/1671344103999545346\" target=\"_blank\" rel=\"noopener\">in a tweet<\/a>.<\/p>\n<p>The dev also went on to explain that the Foundation team asked for his KYC to investigate the situation. However, the KYC (Know Your Customer) can reveal information about the user\u2019s (so far) anonymous identity.<\/p>\n<p>\u00a0<\/p>\n<h2><span id=\"How_Did_Foundation_React_to_The_Accusations\">How Did Foundation React to The Accusations?<\/span><\/h2>\n<p>Shortly after 0xngmi\u2019s Twitter post, Foundation decided to address the issue. On June 22nd, the marketplace\u2019s co-founder and CTO, Elpizo Choi, said that the team had already fixed the smart contract problem for almost a month.<\/p>\n<p><em>\u201dContracts deployed after 3\/6 were already safe \u2013 the owner of the implementation contract was set to 0, and the contract could not have been self-destructed,\u201d<\/em> he said.<\/p>\n<p>Founded in February 2021, Foundation is among the most popular crypto art NFTs marketplaces. The platform grew in popularity thanks to its exclusivity and curated digital artwork. At the time of writing, Foundation boasts over 111,700 NFTs and more than 18,200 unique holders.<\/p>\n<p><iframe data-test-id=\"beehiiv-embed\" width=\"100%\" height=\"320\" frameborder=\"0\" scrolling=\"no\" style=\"border-radius: 4px; border: 2px solid #e5e7eb; margin: 0; background-color: transparent;\" class=\"perfmatters-lazy\" data-src=\"https:\/\/embeds.beehiiv.com\/37fed65e-f01c-4c4c-b8f1-1b71da0be0a4\"><\/iframe><noscript><iframe loading=\"lazy\" src=\"https:\/\/embeds.beehiiv.com\/37fed65e-f01c-4c4c-b8f1-1b71da0be0a4\" data-test-id=\"beehiiv-embed\" width=\"100%\" height=\"320\" frameborder=\"0\" scrolling=\"no\" style=\"border-radius: 4px; border: 2px solid #e5e7eb; margin: 0; background-color: transparent;\"><\/iframe><\/noscript><\/p>\n<div class=\"bottom-text__wrapper post-content\">\n<p>\u00a0<\/p>\n<hr\/>\n<p><em>All investment\/financial opinions expressed by NFTevening.com are not recommendations.<\/em><\/p>\n<p><em>This article is educational material.<\/em><\/p>\n<p><em>As always, make your own research prior to making any kind of investment.<\/em><\/p>\n<\/div>\n<\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><a href=\"https:\/\/nftevening.com\/warning-bell-for-foundation-nfts-defillama-co-founder-uncovers-vulnerability\/\" target=\"_blank\" rel=\"noopener\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Foundation NFTs might be just a few clicks away from disappearing forever, DefiLlama cofounder 0xngmi explained in a Twitter thread that caught collectors\u2019 attention instantly. TL;DR The Foundation NFT marketplace\u2018s smart contracts could allegedly be manipulated and destroyed because of a default feature that allows creators to erase collections; The smart contracts have a two-out-of-six [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":8698,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[9],"tags":[21],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/nftevening.com\/wp-content\/uploads\/2023\/06\/foundation-nfts-marketplace.png","jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts\/8697"}],"collection":[{"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/comments?post=8697"}],"version-history":[{"count":0,"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts\/8697\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/media\/8698"}],"wp:attachment":[{"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/media?parent=8697"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/categories?post=8697"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/tags?post=8697"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}