Crypto Platform Suffers Exploit Despite Code Audits
NFT trading platform SuperRare falls victim to a nearly $730,000 exploit caused by a basic smart contract vulnerability.
The Exploit
On Monday, NFT trading platform SuperRare (NFT) suffered a significant security breach. Cybersecurity firm Cyvers reported that a staking contract vulnerability allowed approximately $731,000 worth of the platform’s native RARE tokens to be stolen.
Anatomy of the Vulnerability
The core issue was a critical coding error in the function meant to restrict who may modify the Merkle root, the mechanism that controls user staking balances. The restriction was implemented incorrectly: instead of limiting the function to designated addresses, the check let any address that called it replace the root.
Block explorer data confirmed that 61 wallets were affected by the exploit. SuperRare co-founder Jonathan Perkins confirmed that core protocol funds remained secure, and affected users were assured they would be fully compensated.
Expert Opinions
“ChatGPT would’ve caught this, any half competent Solidity dev would’ve caught this.”
– 0xAw, Lead Developer (@AlienbaseDEX)
Security experts pointed to inadequate testing practices as the primary factor enabling the breach:
- Unit test failure: A senior blockchain engineer for NM stated that the vulnerability would have been caught by standard unit testing.
- Bug detection: When the contract was checked with OpenAI's o3 model, the model identified the flaw.
- Preventative measures: Both the ChatGPT analysis and manual review point to standard testing methodologies as the most reliable way to detect this kind of error.
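As an added illustration of the permission bug described under "Anatomy of the Vulnerability" and of the unit test the experts above say would have flagged it, the following is constructed example code, not SuperRare's contract: the contract names, the single `owner` field and the Foundry test harness are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "forge-std/Test.sol";

// Constructed illustration of the bug class, not SuperRare's actual code.
contract StakingRootVulnerable {
    address public immutable owner;
    bytes32 public merkleRoot; // commitment to all user staking balances
    constructor() { owner = msg.sender; }

    // BUG: the comparison is inverted. The call reverts only when the
    // caller IS the owner, so every other address may overwrite the root.
    function updateMerkleRoot(bytes32 newRoot) external {
        require(msg.sender != owner, "not authorized"); // should be ==
        merkleRoot = newRoot;
    }
}

contract StakingRootFixed {
    address public immutable owner;
    bytes32 public merkleRoot;
    constructor() { owner = msg.sender; }

    // Fixed: only the designated address may change the root.
    function updateMerkleRoot(bytes32 newRoot) external {
        require(msg.sender == owner, "not authorized");
        merkleRoot = newRoot;
    }
}

// The unit test that flags the flaw. Against StakingRootFixed it passes;
// against StakingRootVulnerable both cases fail (stranger succeeds, owner reverts).
contract RootAccessTest is Test {
    StakingRootFixed staking;
    address stranger = address(0xBEEF); // constructed, arbitrary address

    function setUp() public { staking = new StakingRootFixed(); } // test contract is owner

    function testStrangerCannotSetRoot() public {
        vm.prank(stranger);
        vm.expectRevert(bytes("not authorized"));
        staking.updateMerkleRoot(bytes32(uint256(1)));
        assertEq(staking.merkleRoot(), bytes32(0)); // root untouched
    }

    function testOwnerCanSetRoot() public {
        staking.updateMerkleRoot(bytes32(uint256(1)));
        assertEq(staking.merkleRoot(), bytes32(uint256(1)));
    }
}
```

Running the same two tests against `StakingRootVulnerable` makes the inverted check visible immediately, which is the point the experts make: the bug is found by an ordinary access-control test, not by sophisticated tooling.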
Lessons in Security Practices
The incident highlights consistent security failures:
- Standard unit testing would have flagged the flawed permission logic.
- The automated security audits SuperRare relied on when the contract was assessed failed to catch this basic issue.
- The complexity of smart contract systems can mask simple logic errors, even critical ones.
SuperRare's CEO acknowledged, "It's a painful reminder of how even small changes in complex systems can have unintended consequences."
Industry Response
In the immediate aftermath:
- Token holders in affected wallets received full compensation.
- The company announced strengthened protocols requiring mandatory recertification for every post-audit modification, regardless of scale.
- Experts describe the incident as a classic case of the industry-wide need for rigorous testing, especially in staking contracts.
“This stands as a stark reminder: in decentralized systems, even a one-character mistake can have severe consequences.”
– Slava Demchuk, AMLBot CEO