After it was said that the airdrop worked, the smart contracts for the Blur NFT marketplace are now being looked at.
The user @0xQuit on Twitter did an analysis of the Blur NFT contracts as a follow-up to the thread he started about the Blur airdrop.
Read on to learn more about how the evaluation of the contract turned out.
What Can We Learn From the Contract Review’s Results?
In the first discussion thread about the airdrop, @0xQuit talked about the steps that must be taken to get the airdrop.
One of these things that needed to be done was to list an NFT. People who used the Blur NFT marketplace had to sign a contract that hadn’t been checked yet.
@0xQuit told users that they should submit a low-tier, low-value NFT to finish this stage.
After more research, it was found that Blur’s request for clearance was for contract number 0x00000000000111AbE46ff893f3B2fdF1F759a8A8.
This contract is the only one on the exchange that can handle token transfers. Other online markets, like OpenSea and LooksRare, have almost the same code.
At their most basic level, these contracts are very similar to “modular parts with the very specific goal of moving tokens.”
For example, the code for LooksRare says that only LooksRare will be able to move different tokens between the exchange and the marketplace if the contract is approved.
On OpenSea, a process very similar to this one is used, but “conduit controllers” are in charge of adding channels that make movement and movement transfers possible.
For OpenSea or LooksRare users to agree to contracts, they must have a lot of trust in the services. @0xQuit has two main concerns about Blur.
The first problem is that when their code is used, identical conduits only check the calling thread to see if it has permission to move tokens.
This means that the person who owns the smart contract can still add new addresses to the mapping and take tokens out at any time. Blur is still pretty new, so it hasn’t proven itself as a reliable marketplace yet.
The so-called “exchange contract,” which can be moved on its own, was also a source of disagreement. In other words, people would never really know what they were agreeing to.
Solutions That Might Work
In light of these two flaws, the owner of the marketplace, @Pacman Blur, has given customers his word that they are safe.
The contracts have more than one signature, and @0xQuit is also in charge of making sure they are correct. @0xQuit also suggested a couple of possible solutions.
The first is to finish the BlurExchange contract in a way that makes it impossible to upgrade.
The other party is giving up control of the ExecutionDelegate to make sure that no other contracts are ended or added.
In response, @Pacman Blur wrote on Twitter that these problems are similar to the contracts at OpenSea and X2Y2.
On either of these platforms, other callers can be added to the contracts at any time by anyone.
Besides that, he said that both dedbaub and code4rena had finished their security audits of the market.
He also said, “I think your ideas are good, and we’ll definitely think about ending the exchange contract at some point in the future.”
Having said that, it is impossible to reach a level of security that is 100 percent safe.
There are always many ways to get hurt, from the physical to the digital to the hardware.
For More Stocks And Investment News, Click Here.