Retiring Marketplace Contract

TL;DR — the OG SuperRare ERC721 marketplace contract is being retired. Owners that have current sales will be notified to upgrade on login. If you’re not specifically prompted, no further action is needed.

Intro

After almost 2 years, we are retiring SuperRare’s original marketplace smart contract. Here’s why.

How to Upgrade

All offers have been migrated from the to-be-retired marketplace contract, and only artworks with active sales will be affected.

For those with a listed sale price on the legacy marketplace contract, simply log into your SuperRare account where you will be prompted to disapprove marketplace sales.

This process will void the existing sale price. Once this is done, the owner will need to set a new sale price on the updated marketplace contract. Due to the non-custodial nature of the smart contracts, SuperRare Labs has no means by which to migrate the existing sales into the new contract. This means it needs to be done manually by the owner.

Simply head back to your collection and set a sale price in the same way you would before!

If you have any questions please reach out to our support or have a look through our Help Center.

Why Upgrade?

A white hat hacker named RStudios contacted SuperRare Labs with the suspicion of a vulnerability on the retired contract. They demonstrated that by accepting an offer on a token contract that had overridden the transferFrom function, they could perform a reentrency attack. This would have allowed a bad actor to drain funds from the contract by issuing a series of accept offer calls on the same token.

Thanks to RStudios, the SuperRare Labs team was able to act quickly to clear standing offers and no accounts were compromised in any way. For their contribution RStudios has been awarded a bug bounty and has our deep gratitude for helping ensure that SuperRare’s smart contracts remain air-tight for artists and collectors around the world.

At SuperRare Labs we are continuously contributing to the SuperRare Network and protocol. To do this we’ve partnered with Quantstamp to audit the marketplace and $RARE token drop smart contracts. We will continue working with best-in-class auditors as the network evolves and have recently launched a bug bounty program to incentivize more white hats to improve the SuperRare protocol smart contracts.

OG Marketplace Doesn’t Play well with Auctions

The new marketplace has been in use since the launch of the auction contract in December. However, switching the entire marketplace to new contracts all at once would have been very disruptive; all offers and sale prices would have been voided and a cold restart would have been required.

Instead we opted for a slower, graceful migration strategy. Only new offers and sale prices were set on the new contract, allowing the running sale prices and offers to stand. The downside to this strategy is that it required the tracking of sales on the original contract and manually updating the new marketplace so that royalties would be appropriately accounted for. We had intended to maintain this until everything had cleared off the original contract but we decided to accelerate things in April once we became aware of the vulnerability.

Now, we’re fully making the switch. While this process may feel tedious, it’s a necessary step to ensure the utmost security of both the network, and of your artwork.

Thank you for your patience as we undergo a network-wide push to ensure independent artists feel safe and secure when selling on SuperRare. If you have any additional questions or comments, feel free to hop in Discord and a member of the community will be there to help!