Uncovering NFT Domain-Specific Defects on Smart Contract Bytecode
【Author】 Ma, Zuchao; Jiang, Muhui; Luo, Xiapu; Wang, Haoyu; Zhou, Yajin
【Source】IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING
【Impact Factor】6.791
【Abstract】The peak of monthly trade volume of NFT (non-fungible token) has reached $4.95 billion USD in August 2023, which shows the hot trend and the potential significance of NFT. However, the smart contract responsible for managing NFT may contain defects, which can be exploited by attackers to cause severe damage to victims. We take the first step to systematically analyze three kinds of defects on NFT contracts, namely fragile NFT binding, non-compliant implementation, and implanted backdoor. In particular, we propose Emerium, the first extensible detection framework for capturing these defects by inspecting the bytecode of smart contracts. We conduct extensive experiments to evaluate Emerium, and the experimental results show that it can detect the aforementioned defects with 0.83 and 0.89 F-measure for ERC-721 contracts and ERC-1155 contracts, respectively. Applying Emerium to 87,839 ERC-721 and 9,808 ERC-1155 NFT contracts in the real world, we uncover 44,863,255 defects of fragile NFT binding, 1,373 defects of non-compliant implementation, and 105 defects of backdoor (also with a new CVE).
【Keywords】Nonfungible tokens; Smart contracts; Metadata; Semantics; Security; Standards; Runtime; Source coding; Codes; Uniform resource locators; Defect; smart contract; NFT; blockchain
【Publication Date】2025 SEP
【Indexed Date】2025-09-11
【Document Type】
【Subject Category】