NFT Evening NFT Evening
    Facebook Twitter Instagram Reddit
    NFT Evening NFT Evening
    • News
      • Collectibles
      • Crypto Art
      • Blockchain games
      • Metaverse
      • Music
      • Interviews
    • Guides
      • Top NFT Projects
      • Top Blockchain Games
      • NFT Marketplaces and Tools
    • Learn here!
      • What is an NFT?
      • How to keep your NFTs safe
      • NFT Glossary
    • NFT Calendar
      • NFT Drops
      • NFT Conferences
    • Newsletter
    NFT Evening NFT Evening
    News

    Home » News » Blur NFT Marketplace Might Not Be As Safe As We Thought

    Blur NFT Marketplace Might Not Be As Safe As We Thought

    By VineetOctober 28, 2022Updated:February 2, 20233 Mins Read

    Following a successful airdrop announcement, the now-reviewed Blur NFT marketplace smart contracts paint a shady picture. The Blur NFT contracts review, by Twitter user @0xQuit, is a follow-up to his previous thread on the Blur airdrop. So, what has the Blur contract review revealed? And what is suspicious about these Blur contracts?

    a screenshot of the Blur NFT marketplace

    What Do The Blur NFT Marketplace Contract Review Results Show?

    On the original airdrop thread, @0xQuit mentioned a step-by-step process to collect the airdrop. One of these steps was to list an NFT. The Blur NFT marketplace required users to sign a (then) unverified contract. So, @0xQuit suggested users upload a low-tier, low-value NFT for this step. Upon further review, the Blur approval request was for contract 0x00000000000111AbE46ff893f3B2fdF1F759a8A8.

    This contract strictly handles token transfers on the exchange. A similar code exists between other marketplaces like OpenSea and LooksRare. These contracts are, in essence, very similar “modular components with a very specialized purpose of transferring tokens.”

    For example, on LooksRare, the code states that on approving the contract, only LooksRare can handle token transfers between the exchange/marketplace.  On OpenSea, a similar process takes place, but with the control given over to “conduit controllers” that add channels to allow movement/transfers of movement.

    LooksRare Exchange Smart Contract Codes
    LooksRare Exchange Smart Contract Codes. Line 27 blocks anything other than the marketplace address from transferring tokens. This address is set at Line 9.

    To put it simply, the users would need a high degree of trust in OpenSea or LooksRare for them to approve contracts. However, on Blur, there are two key issues that @0xQuit points out. The first is that in their code, the same conduits only check if the caller is allowed to move tokens.

    This means that the owner of the smart contract can still add other addresses to the mapping, and yank tokens. Blur as a new NFT marketplace has not yet earned that level of trust. Another issue pointed to the “exchange contract”, which is in itself transferrable. Meaning that users would never truly know what they are approving.

    Potential Solutions

    With these two issues in light, Blur marketplace owner @Pacman_Blur has assured users of safety. The contracts are multi-signature contracts, verified by @0xQuit as well. @0xQuit also pointed out a couple of solutions, the first being to finalize the BlurExchange contract so that it isn’t upgradeable. The other is renouncing the ownership of the ExecutionDelegate so that no new contracts are added or removed.

    In response, @Pacman_Blur also tweeted that these concerns are similar to the contracts at OpenSea and X2Y2. Both these platforms could have anyone add extra callers to the contracts at any time. He also stated that the NFT marketplace has completed its security audits via dedbaub & code4rena. He also stated “I think your suggestions are reasonable and we will definitely consider finalizing the exchange contract in the future. With that said 100% security is never achievable. There are always threat vectors from hardware to digital to physical.”

    Join Our New "To The Moon" daily Newsletter

    Get our free, 5 minutes daily newsletter. Join 25,000+ NFT enthusiasts & stay on top 👊🌚

    Thank you!

    You have successfully joined our subscriber list.

    .

     


    All investment/financial opinions expressed by NFTevening.com are not recommendations.

    This article is educational material.

    As always, make your own research prior to making any kind of investment.

    NFT Marketplacenft security
    Previous ArticleARKPIA & Florentijn Hofman to Debut World’s 1st Public Artwork AR
    Next Article Twitter Introduces “NFT Tiles” To Help Users View NFTs in App
    Vineet
    • Website
    • Twitter

    Vineet is a storyteller based in Mumbai. Having previously worked for various web2 organizations as a journalist, instructional designer, and event manager, he got into blockchain in early 2021. As a musician by passion, he fell in love with the digital megastructures building the future of art and creativity. He believes that web3 unlocks creativity at a higher level, and works towards onboarding music projects to the space.

    More great NFT Evening content:

    Limited-time Band of the Wolf set for Gods Unchained launching in March

    March 20, 2023

    Microsoft Edge Hops on the NFT Bandwagon with Built-In Wallet

    March 20, 2023

    Spatial Empowers Creators with Easy-to-Use Toolkit for Building Games and Stories

    March 20, 2023

    Beeple’s ‘The Long Road’ – is this the Ultimate Puzzle?

    March 20, 2023

    Splinterlands Reveals Plans for Land Gameplay

    March 20, 2023

    Bitcoin Inscriptions Reach Half a Million, Miners Rake in Millions

    March 20, 2023

    NFTs Driving Change: How Dropspot Is Supporting Female NFT Creators & The Malala Fund

    March 20, 2023

    Are NFT Fees Crushing Creators? Origin Story Has a Solution

    March 20, 2023
    Latest NFT News

    Limited-time Band of the Wolf set for Gods Unchained launching in March

    March 20, 2023

    Microsoft Edge Hops on the NFT Bandwagon with Built-In Wallet

    March 20, 2023

    Spatial Empowers Creators with Easy-to-Use Toolkit for Building Games and Stories

    March 20, 2023

    Beeple’s ‘The Long Road’ – is this the Ultimate Puzzle?

    March 20, 2023

    Splinterlands Reveals Plans for Land Gameplay

    March 20, 2023

    Bitcoin Inscriptions Reach Half a Million, Miners Rake in Millions

    March 20, 2023

    NFTs Driving Change: How Dropspot Is Supporting Female NFT Creators & The Malala Fund

    March 20, 2023

    Are NFT Fees Crushing Creators? Origin Story Has a Solution

    March 20, 2023
    Get The FREE Exclusive Report
    CLICK HERE

    NFTevening is the biggest website for NFT news. We cover; breaking news, upcoming mints, plus, interviews with top NFT artists and projects. Put simply, we are the best place for new and experienced non-fungible token fans — making content fun & accessible

    Privacy policy
    Terms and conditions

    Article Categories
    • Blockchain games
    • Collectibles
    • Columns
    • Crypto Art
    • Guides
    • Interviews
    • Metaverse
    • Music
    • News
    • NFT Marketplaces and Tools
    • Sponsored Content
    • Top Blockchain Games
    • Top NFT Projects
    NFT Calendar
    • Today’s NFT Drops
    • Upcoming NFT Drops
    • Solana NFT Drops
    • NFT Calendar
    • NFT Calendar : Add Your NFT Event
    Get In Touch
    • Advertise (Media Kit)
    • Job Opportunities
    • About Us
    • Contact Us
    • Newsletter
    NFT Beginners Guides
    • How to Sell NFT Art
    • How to Create NFT Art
    • How to Display NFT Art
    • How To Make Passive Income With NFTs
    • Best Crypto Wallet
    • Best NFT Coins
    • Best NFT Rarity Tools
    • What is a DAO ?
    • What Are Crypto Gas Fees ?

    Type above and press Enter to search. Press Esc to cancel.