What happened?
The NFT marketplace SuperRare experienced a security breach in its RareStakingV1 contract, leading to the drainage of 11.9M RARE tokens due to a faulty permission check. Despite this, the core functionalities and underlying contract of the $RARE token remained secure and uncompromised. The exploit occurred through the “updateMerkleRoot” function, which intended to restrict updates but allowed unauthorized modifications.
Who does this affect?
This breach impacts participants using SuperRare’s NFT curation and staking mechanisms, particularly those involved with the RareStakingV1 contract. Artists and curators relying on staking for rewards may also experience disruptions or potential losses. Moreover, the broader NFT community might feel the effects due to decreased confidence in staking contracts’ security from incidents like this.
Why does this matter?
This incident surfaces just as the NFT market shows signs of resurgence, with trading volumes and market value rising significantly. A vulnerability in a prominent NFT marketplace like SuperRare can shake investor confidence, potentially affecting market momentum and participation levels. While many NFTs are priced in Ethereum, the market’s overarching trust in smart contracts is crucial for sustaining growth and attracting new investors.