Cointime

Download App
iOS & Android

What Is Sleepminting And Will It Ruin NFT Provenance?

published 2021-04-22 by timdaub

Today, while browsing /r/ethereum, I stumbled upon an impersonation attack using NFTs called "sleepminting." I ended up taking a closer look as I wanted to understand the idea of the attack. Here's how it works.

The Bait

Oh, look, it's beeple's multi-million dollar piece "the first 5000 days" for sale on rarible. Check the screenshot, It clearly says "Creator: beeple." Wow, Metakovan must have gotten badly rekt having to sell that $69M combo-breaker for a handful of WEIs.

Please don't fall for it! It's a scam. Or shall I saw an art piece? That's right! Its creator, Monsieur Personne, that also goes by the self-proclaimed alter ego The Banksy of NFTs, deliberately minted the piece under beeple's name using a technique he calls sleepminting. Why? Because Monsieur is disappointed in NFTs. So how did he do it?

The Basics

NFTs are created using ERC-721 smart contracts. They the ownership record of NFTs as a list of pairs. One address and a piece's serial number make up a pair. Like this (I replaced "Bob" with "Booble"):

  • Alice: 1
  • Booble: 2
  • Malory: 3

Upon a sale, Alice can transfer her piece to Boople by:

  • transfer 1: Alice ==> Booble

Now, the list of pairs is updated as follows:

  • Alice:
  • Booble: 2, 1
  • Malory: 3

In Ethereum, we don't use clear names for identification but addresses. And we need to sign transfers to authorize them. But in the examples provided in this post I'll use clear names to simplify explaining.

Now, usually developers implement ERC-721 contracts in a reasonable way. As we expect Alice can then only transfer a piece if she owns it and can deliver a valid signature. But what happens if a developer doesn't respect this convention?

See, the ERC-721 standard is just a social contract that defines a interface to allow art platforms to interoperate. There's no criteria for what's a good and what's a bad implementation. As long as a contract's interface matches that of an ERC-721 contract, any machine is considering it as valid.

But, as we've now seen, that can lead to safety issues with NFTs' provenance on Ethereum. It can be tampered with!

The Attack

As I said, any reasonable ERC-721 contract would allow a minter only to mint to themselves and to only transfer the pieces they own.

But say we customize our ERC-721 contract such that we can mint to other accounts. And say that we adjust the transfer function so that our account can, in a minor exception, also transfer another person's pieces. Well then, we can build a contract that allows us to sleepmint pieces. So as the attacker Malory, we'd do the following: We'd mint a piece with the serial number 1 to Booble:

  • mint 1: address(0) => Booble (executed by Malory)

Now our pairs look as follows:

  • Alice:
  • Booble: 1
  • Malory:

Then, since Malory has adjusted the contract to transfer the piece with serial number 1 from Booble's account to any other account, she can offer it for sale on an NFT platform like rarible.

As she minted from address(0) to Booble as "Creator: Booble" is displayed.

Once Malory successfully deceived a buyer, she receives her Ethers and transfers the piece to the buyer:

  • transfer 1: Booble => Buyer (executed by Malory)

The updated ownership record now reads:

  • Alice:
  • Booble:
  • Malory:
  • Buyer: 1

And with that, Malory has successfully tampered with the NFT's provenance record to sell her piece for more than it's worth.

The Specifics

So is this attack breaking NFTs? Should you panic sell your collection of crypto punks? What about poor Metakovan. He rekt now?

I'd say no. Sure, rarible and Etherscan state wrongly that beeple has minted a piece that genuinely he didn't. However, that's more of an interface issue than it is a security vulnerability. Nobody ever had access to beeple's account.

Also, the impersonater can be spotted when taking a closer look at the origin transactions:

Let's take a closer look at these transactions.

For the mint transaction, we can see that Etherscan displays two "From" fields: One for which msg.sender sent the transaction and another one to state the NFT's sender.

For the transaction's from field, the msg.sender, it cannot be manipulated as it requires a valid signature from the sender's private key. The authorization of the "From" field for the NFT's sender is, however, subject to the smart contract's implementation and, hence, may not display authenticated information.

Simply put, the NFT's sender field could display any data an attacker picks.

Hence, to spot a sleepminted piece from an original, one has to check if both the mint transaction's sender and the NFT's sender match beeple's correct address. If not, it's a fake.

Conclusion

I love this attack. It's similar to rug pulling in that it also plays with the user's trust towards an online identity. We think, now that we use blockchain, all our web2 problems are gone. Every piece of data is authenticated and checked for authorization. But the truth is that these problems aren't gone. They've just shifted somewhere else.

We humans cannot reproduce cryptographic verification in our brains. Sure, we can be extra careful and only trust green checkmarks and lock symbols in user interfaces. But can we recompute hashes of files or the validity of a digital signature? No.

And so the rise of new attacks on web3 is inevitable. I for one am looking forward to learning from them.

NFT
Comments

All Comments

Recommended for you

  • Three men and women arrested for laundering more than 1.8 billion yuan from virtual currency trading platforms and bank accounts

    Hong Kong Customs broke up a money laundering syndicate and arrested three local suspects who are suspected of using virtual currency trading platforms and multiple local bank accounts opened by companies to process over 1.8 billion yuan of funds with unknown sources. Customs officials targeted the three suspects based on intelligence and launched a wealth investigation, discovering that the three individuals conducted over 1,000 suspicious transactions between June 2021 and July 2022 through the opening of multiple local companies and bank accounts, including the transfer of funds from virtual currency trading platforms, involving more than 1.8 billion yuan.

  • BTC halving countdown only 1 day left

    According to Ouke Cloud Chain data, there is only 1 day and 17 hours left until the BTC halving countdown, which is expected to occur on 2024/04/20. The current block reward is 6.25 BTC, and after the halving, the block reward will be 3.125 BTC. There are currently 253 remaining blocks, the current network hashrate is 587.96 EH/s, the network mining difficulty is 83.95 T, and the average block time is 9.94 min.

  • The total open interest of BTC options is $21.24 billion, and the open interest of ETH options is $9.42 billion.

    According to Coinglass data, the nominal value of open BTC option positions on the entire network is $21.24 billion, and the nominal value of open ETH option positions is $9.42 billion.

  • CZ launches testnet course on Giggle Academy

    CZ, the former CEO of Binance, announced the test network course of the recently launched education project Giggle Academy. CZ shared a video clip on his X account, which involved a course in an installable Android software package (Apk).

  • After the Bitcoin halving, new mining output will be reduced from 900 to 450 per day

    According to HODL15Capital's monitoring, after the halving of Bitcoin, its newly mined output will be reduced from 900 coins per day to 450 coins per day. Based on the current price, purchasing all of these new outputs would cost approximately $28 million.

  • BTC breaks through $62,000, and the intraday decline narrows to 2.96%

    According to market data, BTC has broken through $62,000 and is currently trading at $62,008.36. The intraday decline has narrowed to 2.96%, and the market is experiencing large fluctuations, so please be prepared for risk control.

  • Tether issued USDT worth $437 million yesterday

    Tether issued $437 million worth of USDT on April 17 and redeemed $142 million worth of USDT (a net increase of 295 million USDT in circulation). Approximately $100 million worth of USDT was issued to an address starting with 0x5c (suspected to be a Bitfinex forwarding address), and approximately $81 million worth of USDT was issued to an address starting with 0x77 (suspected to be Bitfinex wallet address 1).

  • Ordinals founder confirms that the Runes protocol only hard-codes rune number 0

    On April 18th, Casey Rodarmor, the founder of Ordinals, stated during a Discord community meeting that the Runes protocol only hardcodes the 0th rune, which is "UNCOMMON•GOODS". The other nine token names are not hardcoded into the Runes protocol due to a lack of good ideas. According to Casey's previous plan, the Runes protocol will hardcode the first 10 runes, which are numbered 0-9.

  • The Future of Culture is Tokenized

    How Culture Coins could be the future of Crypto.

  • NFT Futures: A New DeFi Primitive for a Cultural Based Asset Class

    NFT Futures apply the same concept of perpetual swaps to NFTs In doing so, it unlocks a more accessible and two-sided trading experience not available before in the NFT spot market. Although it is too early to judge, the potential value propositions offered by NFT futures have the potential to grow in the NFT market.