Smart Contract Auditing Should Not Be Optional. It Should Be Mandatory.
The alternative title for this article could have been “The One Thing You Should Never EVER Launch Your NFT Collection Before Doing” because, as Keir Finlow-Bates put it bluntly, “Nobody writes ‘I will put a backdoor in your NFT Project’ in their Fiverr profile title”!
Well, do I even need to write a full-fledged article when I’ve already made my point in the first sentence?
But as an NFT agency and Smart Contract Auditors Extraordinary, we have experienced firsthand how the audit step is often overlooked or dismissed, when, truly, what is at stake is colossal.
So today, we will dive into this subject to give you a taste of what choosing to opt out of an audit could mean for an NFT collection!
Vulnerabilities to External Threats
Security flaws. That’s what could kill your whole project.
You only need to have recruited a dev that doesn’t have a full understanding of how to build a solid and secure smart contract, to have a very lovely hacker or cybercriminal exploiting its security flaws.
And depending on the mastery of the hacker or ineptitude of the developer, it could cost you literally everything.
And fortunately (but unfortunately for you in this scenario), the blockchain is extremely secure, meaning that what is done is extremely difficult to undo. If your project funds are drained, the probability of you getting them back is extremely low, honestly, nonexistent.
And as we stressed in our article “One of The First Things Every NFT Project Should Do”, even if it’s the big bad hacker who went for their money, your (future-ex) holders will not look to him for accountability, they will look to you.
If as an NFT Project creator, you’re not even able to take the basic steps to ensure the safety of your holders, it is enough to create a breach of trust so profound that it could destroy the project you poured your everything into and could have a rippling effect on your future projects too, a stigma that will be hard to get rid of.
I mean on top of ruining you.
Not convinced yet?
When we speak of external threats, do you think “Pish posh, my collection is lowkey / in a niche, no hacker will mind me nor my project. So I’m good. I’m safe”? Even when entertaining the idea that you could be safe on the merit of flying under the radar, I’m truly sorry to announce that you could not be more wrong.
The Unexpected Insider Threat
Remember this quote: “Nobody writes ‘I will put a backdoor in your NFT Project’ in their Fiverr profile title”? Well, that’s what this is about.
If you or members of your core team are non-tech-savvy, you could be in for a hell of a ride!
You just grabbed one dev on Fiverr, or someone you trust introduced you to a dev friend. He has been in it since the beginning of the project, and somehow, navigating through the bear-market trenches together, going through the ups and downs, you have developed the web3 equivalent of a brother-in-arms relationship. Sometimes, you catch yourself thinking “what a good bro he is”. And one day, you wake up post-mint, and the money or the ownership of your own contract is no more.
One very infamous, very realistic rendering of this scenario was what happened to “The Starslab”, whose team lost 200 ETH of mint proceeds because of one tiny bit of code. And what made it so infamous was that the dev they employed had worked on 31 NFT projects that were at real risk of meeting the same fate! (Full details here).
There have been quite a few very wild scenarios like this one that have been popping up here and there. And the worst is that sometimes these devs aren’t even ill-willed, they just make mistakes.
Mistakes that have very real and harmful consequences for you and your holders.
But these security flaws are not inevitable.
They’re not something you have to put up with while praying to the Blockchain God for the best.
Protecting yourself from the vulnerabilities that make these external and insider threats possible can be done: it’s called an audit.
And it shouldn’t be something that can be opted out of, or an afterthought.
As an NFT project creator, you’re what is standing between threats and your project and holders.
You’re the very real incarnation of a Firewall.
It’s your duty to guard and protect.
And one of your deadly weapons is an audit, so use it!
About us
Nefture is a Web3 real-time security and risk prevention platform that detects on-chain vulnerabilities and protects digital assets, protocols and asset managers from significant losses or threats.
Nefture's core services include Real-Time Transaction Security and a Threat Monitoring Platform that provides accurate exploit detection and fully customized alerts covering hundreds of risk types, with a clear expertise in DeFi.
Today, Nefture proudly collaborates with leading projects and asset managers, providing them with unparalleled security solutions.