The ERC-721 introduces a standard for NFT, in other words, this type of Token is unique and can have different value than another Token from the same Smart Contract, maybe due to its age, rarity or even something else. Read more about NFT here.
This Repository contains a list of NFT Attack Vectors. The recent rise in popularity of these NFTs is due to a lack of information available both offline and online, making them a popular target for scammers and hackers. Below are some NFT attack vectors which hackers/scammers generally use to exploit. This repository will be actively maintained and updated by QuillAudits.
If you find any attack vectors missing, you can create a pull request and be a contributor of the project.
| Serial No. | Attack Vectors |
|---|---|
| 1 | NFT Swap Scams |
| 2 | 'Trojan Horse' NFTs |
| 3 | Impersonation Scams |
| 4 | Rug Pull |
| 5 | NFT Duplicity |
| 6 | Recovery Scams |
| 7 | Wash Trading |
| 8 | Flash Loans |
| 9 | Spoofing |
| 10 | Ramping the Market |
| 11 | Fake News |
| 12 | Bots |
| 13 | Bugs in Platforms |
| 14 | Influencer/ Shilling |
| 15 | Unlimited Permission on Token Approval |
| 16 | Unsafe ERC721 Operations |
| 17 | Reward Not Updated |
| 18 | Code Exploits |
| 19 | Private Key Compromise |
| 20 | Airdrop Exploits |
| 21 | API Exploits |
| 22 | NFT Social Media Hack |
| 23 | Phishing Scams |
| 24 | Frontend Attacks |