This article discusses NFT security and is the fourth in our series of articles introducing NFTs from a technical point of view.
By Qin Wang (Swinburne University of Technology & CSIRO Data61 ) and Rujia Li (Southern University of Science and Technology & University of Birmingham)
The NFT system is a combination technology that consists of blockchain, storage, and web application. Security evaluation in the NFT system is challenging since each component may become an attacking interface that makes the whole system vulnerable to an attack. The STRIDE threat model well fits the evaluation. The model covers all security aspects of a system: authenticity, integrity, non-repudiation, availability, and access control.
Spoofing – Spoofing represents the ability to impersonate another entity (for example, another person or computer) in the system, which corresponds to authenticity. When a user interacts to, mints or sells NFTs, a malicious attacker may exploit authentication vulnerabilities or steal the user’s private key to transfer the ownership of NFTs illegally. Users can use cold wallets to save their private key pairs and protect their identities not being faked by others.
Tampering – Tampering refers to the malicious modification of NFT data, which violates integrity. Assume that the blockchain is a robust public transaction ledger and a hash algorithm is preimage resistance and second preimage resistance. The metadata and ownership of NFTs cannot be maliciously modified after the transaction is confirmed. However, the data stored outside the blockchain may be manipulated. Thus, users should keep in mind to safely protect the data maintained by themselves.
Repudiation – Repudiation refers to the situation where the author of a statement cannot dispute, which is related to the security property of non-repudiability. In particular, the fact that a user sends NFTs to another user who cannot refuse them. This is guaranteed by the security of the blockchain and the unforgeability property of a signature scheme. However, the hash data may be tampered with by a malicious attacker, or the hash data may bind to an attacker’s address. Using a multi-signature contract can solve this issue since each binding signature must be confirmed by more than one participant.
Information disclosure – Information leakage occurs when information is exposed to unauthorized users, which violates confidentiality. In the NFT system, the state information and the instruction code in the smart contracts are entirely transparent, and any state and its changes are publicly accessible by any observer. Even if the user only puts the NFT hash into the blockchain, the malicious attackers can easily exploit the linkability of the hash and transaction. Using privacy-preserving smart contracts is recommended instead of plain ones to protect the user’s privacy.
Denial of Service (DoS) – A DoS attack is a type of network attack in which a malicious attacker aims to render a server unavailable to its intended users by interrupting the normal functions. DoS violates the availability and breaks down the NFT service, which can indeed be used by unauthorized users. Fortunately, the blockchain guarantees the high availability of the users’ operations. Legitimate users can present the required information when needed and will not lose data resources due to accidental errors.
Elevation of Privilege – Elevation of Privilege is a property that is related to authorisation. In this type of threat, an attacker may gain permissions beyond those initially granted. In the NFT system, the selling permissions are managed by a smart contract. A poorly designed smart contract may make NFTs lose such properties. To avoid logic flaws, a careful check of the smart contract is necessary before deployment.
NFT seems to confront some security uncertainty that requires further exploration in the academic track, but from the current view, they are sufficiently secure for normal users with attempts to get involved in the game. NFT-based products can serve for a long-term running unless the underpinned platform (e.g. Ethereum) shuts down. But we all know this will happen with negligible probability in real-work scenarios. Compared to worries about system-level threats, people may get losses due to their aggressive financial behaviour such as buying some worthless NFTs. Our kind suggestion is very conservative: try to mint, buy and trade NFTs through some well-known platforms. This at least ensures that your NFT will permanently exist in the world.
Qin Wang is a researcher focusing on blockchain technology, covering sub-fields of consensus protocols, security, and blockchain economies. More information refers to his homepage https://qinwang.tech/.
Rujia Li is a blockchain researcher with interests on privacy-preserving smart contracts and FinTech. More information can be found at https://rujia.uk/.
Read More: Standards surrounding NFTs