One line of code could have ruined entire collection
According to minting smart contract data from the world’s largest NFT collection, Bored Ape Yacht Club, the owner of the contract-linked wallet is currently able to mint a infinite quantity of NFT coins.
The “vulnerability”
As the function “reserveApes” in the contract suggests, it should “Set some Bored Apes aside” but, in fact, the function allows minting of 30 apes at a time without even paying network fees of 0.08 ETH. But the main problem is that the function allows the infinite minting of the collection.
The code was probably “left open” accidentally, and there should be some other function that would prevent the “reserveApes” function from being repeated by the owner. As the on-chain data suggests, the account ending in “EE4D03” is still active and could produce more monkeys.
In addition to the function that could potentially ruin the floor price of the whole collection, the wallet has the authority to change the metadata tied to each existing non-fungible token within the collection.
But while the exploit still exists in the code, it’s still possible to avoid an unpleasant situation by calling the function to relinquish ownership.
NFT industry going through a tough period
Previously, numerous NFT-related exploits took place in the space with the biggest NFT marketplace, OpenSea, facing a technical problem with their API that allowed a user to buy and sell non-fungibles for cheaper prices and then sell them for the market price.
Later, the hackers managed to steal eight NFT coins from the market by again exploiting the vulnerability. The stolen pieces were linked to collections like Cool Cat and Bored Ape Yacht Club. The hacker’s wallet was valued at $117,000.
