Warning Bell for Foundation NFTs? DefiLlama Co-Founder Uncovers Vulnerability

Foundation NFTs might be just a few clicks away from disappearing forever, DefiLlama cofounder 0xngmi explained in a Twitter thread that caught collectors’ attention instantly. So – do we need to be worried?

TL;DR

  • The Foundation NFT marketplace’s smart contracts could allegedly be manipulated and destroyed because of a default feature that allows creators to erase collections;
  • The smart contracts have a two-out-of-six multi-sig protection, but hackers could compromise the contract by bypassing both safety keys.
  • Foundation claims to have fixed the smart contract issue, but the accusations have raised concerns about the immutability of Foundation NFTs.

Can Foundation NFTs Be Manipulated That Easily?

This week, the co-founder of the DeFi platform DefiLlama, 0xngmi, made waves among NFT users with a shocking statement. Accordingly, any smart contract created via the Foundation NFT marketplace can be manipulated and even erased within two transactions. But is that truly possible?

Well, the Foundation NFTs have a default feature that helps creators destroy them if they don’t have any digital assets. In other words, the Foundation team can also destroy collections or collectibles in a heartbeat.

What’s more, each smart contract features a two-out-of-six multisig protection, which means there are two safety keys protecting it. However, some hackers might be able to get through both keys and compromise the smart contract instantly.

This information goes against the fact that Foundation’s smart contracts are immutable, as the community believed until now.

Here’s the message 0xngmi shared via social media:

Twitter screenshot of a post regarding Foundation NFTs by 0xngmi

The anonymous DefiLlama co-founder explained the risks behind Foundation NFTs’ smart contracts via Twitter. Credit: Twitter

”The good news is that it’s possible to remove this backdoor by minting 1 NFT in the implementation contract and then transferring it to a burn address. The bad news is that I disclosed this issue to Foundation ~6 months ago, along with a fix, and it hasn’t been fixed yet,” 0xngmi added in a tweet.

The dev also went on to explain that the Foundation team asked for his KYC to investigate the situation. However, the KYC (Know Your Customer) can reveal information about the user’s (so far) anonymous identity.

How Did Foundation React to the Accusations?

Shortly after 0xngmi’s Twitter post, Foundation decided to address the issue. On June 22nd, the marketplace’s co-founder and CTO, Elpizo Choi, said that the team had already fixed the smart contract problem for almost a month.

”Contracts deployed after 3/6 were already safe – the owner of the implementation contract was set to 0, and the contract could not have been self-destructed,” he said.

Founded in February 2021, Foundation is among the most popular crypto art NFTs marketplaces. The platform grew in popularity thanks to its exclusivity and curated digital artwork. At the time of writing, Foundation boasts over 111,700 NFTs and more than 18,200 unique holders.

Related posts