Wipe out any listing signatures to the Seaport / Wyvern contracts
If you’ve been following my content for a while now, you know I’ve been talking about Seaport / Wyvern drainers.
That type of scam lists all your pre-approved NFTs to a contract for 0 ETH to a scammers' wallet.
I kindly present you the NUKE SWITCH for signatures that might take advantage of your already approved collections to OpenSea.
Seen this kind of request on a mint / claim website and possibly signed it?
Yikes! Hurry up, we got this!
You guys know me by now, I’m almost always doing this as a video too to explain a bit more in detail. Here’s the YT link if you want to listen and learn.
By the way: Yes, it’s possible to steal multiple NFTs from different, approved collections with a signature scam like the above.
The signature offers ALL of your current approved collections (to a contract like OpenSea Seaport / Wyvern) for a 0 ETH private sale to the malicious wallet / contract. This affects the wallet address you’re signing the request with.
My suggested way to handle this in July 2022 was:
Remove all unused approvals — so they can’t take advantage of those.
This still holds true for those, you don’t use at the moment.
Foremost for the “OwnableDelegateProxy” or “OpenSea (Old)” ones because that’s the OpenSea Wyvern protocol that expires slowly.
BUT we got a solution to an already signed listing signature!
To do this, we need to write to the OpenSea contract on etherscan.io — and I will walk you through it!
Contract addresses:
OpenSea Seaport 1.1
0x00000000006c3852cbEf3e08E8dF289169EdE581
OpenSea Wyvern Exchange v2 (old) 0x7f268357A8c2552623316e2562D90e642bB538E5
On Etherscan, search for the contract address you want to invalidate / nuke all your listing / order signatures to.
For the OpenSea Seaport 1.1 contract:
Click on Contract > Write contract. Connect your wallet (green bubble).
Navigate to “incrementCounter” (on the Wyvern v2 contract, this is called incrementNonce).
What this will do: Cancel all orders / listings from a given offerer with a given zone in bulk by incrementing a counter.
For the OpenSea Wyvern Exchange v2 (old) contract:
Click on Contract > Write contract. Connect your wallet (green bubble).
Navigate to “incrementNonce” (on the SeaPort contract, this is called incrementCounter).
What this will do: Cancel all orders / listings from a given offerer with a given zone in bulk by incrementing a counter.
Simplified:
This increments a nonce, which is a random number only used ONCE — to prove, that data has only been submitted once to the blockchain.
This will make ALL of your previous listings / offerings to the contract INVALID! Why?
Once you connected your wallet to etherscan.io and hit that write button, you will generate, a “newer, fresher” nonce that gets written to the blockchain.
If someone tries to act on your old “malicious offer signature” they tricked you into — it gets rejected because the nonce on the “malicious” signature doesn’t match with the newest one.
Once you click write, this will call a transaction on chain, confirming it will cost a small gas fee. Now all listings to the specific contract from this wallet address are INVALID!
Congrats, that’s it! You nuked all your listings to the contract you’ve just written to. Whether it was a malicious listing signature or not, the offers can not be executed anymore.
You can start fresh from here and pay ATTENTION to what you’re signing.
Thanks for your time — Stay safe!
Special thanks to 0age — the maindev of the SeaPort protocol, who helped me create this How To.
Original source — My Twitter 🧵:
