Non-fungible tokens (NFTs) drive the prosperity of the Web3 ecosystem. By May 2024, the total market value of NFT projects reached approximately 69 billion USD. Accompanying the success of NFTs are various security issues: attacks and scams are prevalent in the ecosystem. While NFTs have attracted significant attention from both industry and academia, there is a lack of understanding of the kinds of NFT security issues. The discovery, in-depth analysis, and systematic categorization of these security issues are of significant importance for the prosperous development of the NFT ecosystem. To fill the gap, we performed a systematic literature review related to NFT security, and we identified 176 incidents from 248 security reports and 35 academic papers up to May 1st, 2024. Through manual analysis of the compiled security incidents, we classified them into 12 major categories. We then explored potential solutions and mitigation strategies. Drawing from these analyses, we established the first NFT security reference frame. In addition, we extracted the characteristics of NFT security issues, i.e., the prevalence, severity, and intractability. We point out the gap between industry and academia in NFT security and provide further research directions for the community. This paper, as the first SoK of NFT security, systematically explores the security issues within the NFT ecosystem, shedding light on their root causes, real-world attacks, and potential ways to address them. Our findings will contribute to future research on NFT security.
Fri 26 Jul (displayed time zone: Beijing, Chongqing, Hong Kong, Urumqi)
10:45 - 12:00 | Session 1 - Smart Contract Security | Research Track at The ballroom B | Chair(s): Ruidong Zhang (University of Wisconsin-Eau Claire)
10:45, 15m, Paper | ACOFuzz: an Ant Colony Algorithm-based Fuzzer for Smart Contracts | Research Track | Peixuan Feng (Henan Key Laboratory of Network Cryptography Technology), Wenrui Cao (Henan Key Laboratory of Network Cryptography Technology), Siqi Lu (Henan Key Laboratory of Network Cryptography Technology), Yongjuan Wang (Henan Key Laboratory of Network Cryptography Technology), Haoyuan Xue (Henan Key Laboratory of Network Cryptography Technology), Runnan Yang (Henan Armed Police Corps Hospital)
11:00, 15m, Paper | DelegateTracker: Delegatecall Vulnerability Detection Tool Based on Read-Write Data Flow Capture Algorithm | Research Track | Peixuan Feng (Henan Key Laboratory of Network Cryptography Technology), Wenrui Cao (Henan Key Laboratory of Network Cryptography Technology), Siqi Lu (Henan Key Laboratory of Network Cryptography Technology), Yongjuan Wang (Henan Key Laboratory of Network Cryptography Technology), Xiangyu Wang (Henan Key Laboratory of Network Cryptography Technology), Runnan Yang (Henan Armed Police Corps Hospital)
11:15, 15m, Paper | SoK: On the Security of Non-Fungible Tokens | Research Track | Kai Ma, Jintao Huang (Huazhong University of Science and Technology), Ningyu He (Peking University), Zhuo Wang, Haoyu Wang (Huazhong University of Science and Technology)
11:30, 15m, Paper | To Healthier Ethereum: A Comprehensive and Iterative Smart Contract Weakness Enumeration | Research Track | Jiachi Chen (Sun Yat-sen University), Mingyuan Huang (Sun Yat-sen University), Zewei Lin (Sun Yat-sen University), Peilin Zheng (Sun Yat-sen University), Zibin Zheng (Sun Yat-sen University)
11:45, 15m, Paper | DeFi Risk Assessment: MakerDAO Loan Portfolio Case | Research Track | Ignat Melnikov (Skolkovo Institute of Science and Technology; Blockchain Laboratory, Sberbank PJSC), Irina Lebedeva (Skolkovo Institute of Science and Technology, Blockchain Laboratory, Sberbank PJSC), Artem Petrov (Blockchain Laboratory, Sberbank PJSC; Blockchain Department, Moscow Institute of Physics and Technology), Yury Yanovich (Skolkovo Institute of Science and Technology; Faculty of Computer Science, HSE University)