Nftperp Clearing House Critical Bug

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Revision as of 13:41, 18 September 2024 by Azoundria (talk | contribs) (Created page with "{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/nftperpclearinghousecriticalbug.php}} {{Unattributed Sources}} thumb|nftperp Logo/Homepagenftperp is a perpetual futures decentralized exchange (dex) for NFTs, allowing users to speculate on floor prices of popular projects like Bored Ape Yacht Club and CryptoPunks. Recently, the platform identified a critical bug in its clearingHouse contract, prompting the susp...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

nftperp Logo/Homepage

nftperp is a perpetual futures decentralized exchange (dex) for NFTs, allowing users to speculate on floor prices of popular projects like Bored Ape Yacht Club and CryptoPunks. Recently, the platform identified a critical bug in its clearingHouse contract, prompting the suspension of vulnerable contracts. However, all lost funds were recovered, and efforts are underway to resume trading and withdrawals.[1][2][3][4][5][6]

About nftperp

"Long or short NFTs. nftperp is a perpetual futures dex for NFTs."

"What is nftperp? Think you can predict the floor prices for CryptoPunks, Bored Ape Yacht Club, Doodles, and other blue-chip NFT projects?

NFTs have become a huge part of web3. Whether you’re in it for the tech, the art, or just to be part of the amazing communities, NFTs are here to stay.

However, with nftperp, you can now speculate on the floor prices of NFT projects including Bored Ape Yacht Club, CryptoPunks and more.

Are these projects “WAGMI” or “NGMI”?

Put your trading cap on and find out!"

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

"On June 14, NFT perpetual contract trading platform nftperp announced on Twitter that a critical bug had been found in the clearingHouse contract."

Key Event Timeline - nftperp Clearing House Critical Bug
Date Event Description
June 13th, 2024 5:05:00 PM MDT Twitter Announcement The nftperp account announces a critical bug being discovered in the clearingHouse contract. The contract has been suspended.
June 17th, 2024 10:52:00 PM MDT Market Relaunch Announced The relaunch of the market is announced on Twitter.
June 18th, 2024 9:09:00 AM MDT Incident Report On Discord The nftperp team announces that the have released the full incident report through their discord channel.

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

200+ ETH x $3,469.28 = 693856

The total amount lost has been estimated at $694,000 USD.

Immediate Reactions

"On June 14, NFT perpetual contract trading platform nftperp announced on Twitter that a critical bug had been found in the clearingHouse contract. All vulnerable contracts have been suspended until further notice. On June 15, nftperp stated that all funds lost due to the vulnerability had been successfully recovered. The developers are currently prioritizing the resumption of the contracts so trading and withdrawal can go live."

"We've identified a critical bug in one of our contracts (clearingHouse) - all vulnerable contracts have been paused until further notice. Our team is actively assessing the situation and will provide updates shortly."

Ultimate Outcome

"@nftperp was compromised yesterday for 200+ ETH and has successfully retrieved ALL the funds.

Funds were also returned on Munchables and @BloomOnBlast by the person who did the exploit.

Anecdotally it really like a new paradigm where more and more exploits are being returned. Have things changed, @zachxbt?

Either way, I am happy to see it."

"According to Odaily, NFT perpetual contract trading platform, Nftperp, has announced the recovery of all funds lost due to a previously discovered vulnerability. The developers are currently prioritizing the restoration of contracts to ensure normal trading and withdrawal operations.

Due to some differences between the marked prices and index prices, the team is seeking a safe method to resume trading and is about to release a detailed account of the events that occurred in the past 20 hours."

Total Amount Recovered

All funds.

The total amount recovered has been estimated at $694,000 USD.

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. SlowMist Hacked - SlowMist Zone (Accessed Jun 20, 2024)
  2. @spreekaway Twitter (Accessed Jun 21, 2024)
  3. https://www.binance.com/en/square/post/2024-06-15-nft-perpetual-contract-trading-platform-nftperp-recovers-lost-funds-due-to-vulnerability-9490450326769 (Accessed Jun 21, 2024)
  4. nftperp recovered the funds lost due to the previous vulnerability and is restoring trading and withdrawal services (Accessed Jun 21, 2024)
  5. @nftperp Twitter (Accessed Jun 21, 2024)
  6. https://coinmarketcap.com/currencies/ethereum/historical-data/ (Accessed Dec 21, 2021)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Nftperp_Clearing_House_Critical_Bug&oldid=6060"