This project demonstrates how OpenSea administrators can take any tokens minted on the OpenSea Shared Storefront. This is a previously-undocumented backdoor.
Is this what artists expected when they decided to mint with OpenSea?
Background
OpenSea Shared Storefront is the ERC-1155 contract deployed on Ethereum Mainnet. If you try to create an NFT using the OpenSea website and follow all the default options without creating your own smart contract, this is where your NFT will go.
At time of writing, this contract holds NFTs “owned” by 600k+ accounts.
There are about 1 million transactions against this contract.
OpenSea administrators maintain control over this contract such that they can take, or freeze, anybody’s NFT at any time. The contract’s source code is not published and this control ability is not disclosed anywhere in OpenSea’s terms of service or documentation.
OpenSea’s level of control should be considered “signature authority” over the assets, for US FinCen purposes and this makes OpenSea administrators capable of executing civil asset seizures/forfeitures requested by governments.
Demonstration
I published a project showing you exactly how to perform these asset seizures.
This project allows you to make a live copy of Ethereum Mainnet, execute some transactions as if you were OpenSea (even though you don’t know their private key) and examine the outcomes.
You should see some information printed and proof that the token was transferred even though the “owner” did not wittingly authorize it.
If OpenSea administrators run this same transaction with their real private key this token would be transferred for real. (What you are seeing is a local copy of this transaction which ignores the fact that it is invalid for want of the correct private key.)
The above paragraph is a brief simplification. OpenSea Shared Storefront has recently changed from a single owner, to a Gnosis safe. No difference, to execute this transaction OpenSea administrators need to use only a slightly different process.
Is OpenSea violating US Treasury OFAC/SDN sanction requirements?
Is OpenSea subverting sanctions by allowing sanctioned entities to hold digital assets that OpenSea has the ability to seize?
In their privacy policy, they already state that customer’s personal data can be used to comply with investigations by law enforcement and for other reasons.
But are they using this ability to seize tokens? And since OpenSea is obligated to stop transactions with sanctioned entities from the OFAR/SDN lists, are they using this ability to comply with this requirement?
To answer this question, I reviewed the historical list of OpenSea Shared Storefront token holders and then current OFAC/SDN sanctions lists to find if OpenSea has effectively stopped sanctioned entities from putting through transactions. Too much for this post, so stay tuned for a follow up post here.
How do decompile and study smart contracts
Because OpenSea did not publish the source code for this contract, it was necessary for me to decompile it to study it. If you would ever like to try the same approach with other popular but unverified smart contracts, below are some basic notes on the approach.
Here are some notes about how to effectively decompile and study smart contracts, read the Matrix. I recommend doing this on paper with color pencils/highlighters. You might have to take a lot of notes and this helps.
- Use Online Solidity Decompiler.
- Remove top-level
contract
, reduce indent, paste into MS Word or similar
Since OpenSea general produces intentional code, I was only looking for backdoors, code paths that results in a SSTORE
.
- Replace
revert.*;
toREVERT
- Replace ` var.\W+REVERT.
and
memory.*\W+REVERTto
REVERT`, go back and forth a few times - In
main
function - Find dispatches that result in
return
, replace withreturn; // does not change state
- On dispatch, mark in red any called function/goto
- On red things, mark in red any called function/goto, repeat
- Delete everything not red
You have completed the easy steps. Go to bed and do the rest steps with full brain power.
Acknowledgements
- Contract decompilation (easier than reading straight bytecode) provided by https://ethervm.io/decompile
- Tracing each
SLOAD
andSTATICCALL
while playing with contracts provided by @sohamzemse in hardhat-tracer, running on @HardhatHQ Hardhat.
Reading circle questions
- For artists, does this shared ownership with OpenSea affect your interest in publishing with them?
- Does OpenSea’s ability to take tokens count as “ownership” in the same way that the token’s buyer is considered an “owner”?
- Is OpenSea’s implementation compliant with ERC-1155’s transfer and approval specifications?
- Is it necessary for a large company to publish their smart contract’s source code even when many people won’t read it?
▧
Comments
The official X thread
@fulldecent
Why didn't OpenSea publish this smart contract?
@fulldecent
Reverse engineering bytecode, Ben Affleck style, no paycheck
@fulldecent
Please discuss this topic anywhere and let me know any great comments or media coverage I should link here.