Conversation

Rotem Yakir πŸŠπŸŒοΈβ€β™‚οΈ
@yakirrotem
Following my previous tweet (twitter.com/yakirrotem/sta), here is a 🧡about the
@opensea
bug. 1/
Quote Tweet
Rotem Yakir πŸŠπŸŒοΈβ€β™‚οΈ
@yakirrotem
** Urgent ** There is an @opensea devastating bug that will keep old listing and allow exploiters to buy the NFT using their API. Immediate action is to move your NFT to a new wallet or wallet without any previous listing. I will add a 🧡about it very soon
Show this thread
98
Retweets
48
Quotes
219
Likes
68
Bookmarks
Rotem Yakir πŸŠπŸŒοΈβ€β™‚οΈ
@yakirrotem
The way OS works, is by having their marketplace conduct off-chain to save gas. When you list an item for sale (or bid) you are signing data that validate that you are willing to sell your NFT at this price 2/
1
20
Rotem Yakir πŸŠπŸŒοΈβ€β™‚οΈ
@yakirrotem
The signature is saved in
@opensea
's DB off-chain and when someone wants to buy your NFT, they will send to their smart contract your previously signed data where the signature and sale information (such as expiration & price) are validated on-chain before making the transfer 3/
Image
Image
Image
Image
3
37
Rotem Yakir πŸŠπŸŒοΈβ€β™‚οΈ
@yakirrotem
When you cancel a listing, you are require to preform a transaction, why you might ask? the reason is that someone might save your signed listing (which are public - i.e orders.rarible.com or even their API) and use it later, even if the listing got removed from the UI 4/
1
11
Rotem Yakir πŸŠπŸŒοΈβ€β™‚οΈ
@yakirrotem
So the transaction on-chain will save the fact that you canceled this sale on their smart contract and even if someone will try to use your signed data from before, the on-chain validation will reject the sale. 5/
Image
Image
1
10
Rotem Yakir πŸŠπŸŒοΈβ€β™‚οΈ
@yakirrotem
So what is this bug and how to avoid it? the bug stems from the fact that previously you could re-list an NFT without canceling it (which you can't now) and all the previous listing are not canceled on-chain, this is why re-listing will NOT work 6/
Image
1
8
Rotem Yakir πŸŠπŸŒοΈβ€β™‚οΈ
@yakirrotem
Furthermore, transferring a previously listed NFT to back to the wallet that listed it, will not prevent you from this bug. Re-list will not help you too (unless you made sure you cancelled all previous listing) 7/
Image
1
13
Rotem Yakir πŸŠπŸŒοΈβ€β™‚οΈ
@yakirrotem
Another big problem that
@opensea
has, is that they don't have order nonce, so even if you made a listing 6 months ago then made another one 4 months ago & canceled it after 1 day, the first list is still valid and may not be visible on the UI 9/
1
10
Rotem Yakir πŸŠπŸŒοΈβ€β™‚οΈ
@yakirrotem
To sum up, previously, you could have re-list an NFT without canceling the previous list. Sometimes but not always, If you cancel your new listing, the old one will not appear on the UI but is still valid 11/
1
9
Rotem Yakir πŸŠπŸŒοΈβ€β™‚οΈ
@yakirrotem
On a personal note, as a DeFi developer with a lot of experience with NFTs,
@opensea
is an old product. Slow, bad UX, with old smart contracts code which makes you pay much more gas than you should and not beneficial for traders. Furthermore, they have dangerous bugs 15/
2
49
Rotem Yakir πŸŠπŸŒοΈβ€β™‚οΈ
@yakirrotem
@LooksRareNFT
is a new player with bugs too (not financial bugs but still), less features and less listings, however, they have a great potential to make our lives easier and safer. I believe that we as a community need to give them a chance to grow 16/
2
27