FREE NFT Development Smart Contract Security Questions and Answers

Question 1

An NFT contract has a public `mint()` function that anyone can call. Which of the following is the MOST critical security vulnerability this presents?

Accepted Answer

Unauthorized creation of NFTs, potentially exceeding the intended `MAX_SUPPLY`.

Answer

Reentrancy attack during minting.

Answer

Denial-of-service by exceeding the block gas limit.

Answer

Inaccurate royalty payments due to manipulated token IDs.

Question 2

A developer is creating an NFT with rarity traits determined at mint time. They use `keccak256(abi.encodePacked(block.timestamp, msg.sender))` as the source of randomness. What is the primary security risk associated with this approach?

Accepted Answer

The result is predictable, allowing miners or attackers to influence or front-run the minting of rare NFTs.

Answer

It is computationally expensive, leading to high gas costs for minters.

Answer

The `msg.sender` can be easily spoofed by malicious contracts.

Answer

It may cause transaction reverts if `block.timestamp` is the same for multiple transactions.

Question 3

An NFT marketplace contract allows users to withdraw their earnings. The function first sends the user their ETH and then updates their internal balance to zero. Which vulnerability is this pattern most susceptible to?

Accepted Answer

Reentrancy

Answer

Integer Underflow

Answer

Signature Malleability

Answer

Unchecked External Call

Question 4

A developer working on an NFT contract using Solidity `^0.7.0` implements a `batchMint(uint256 quantity)` function. The function calculates the total price as `quantity * MINT_PRICE`. If `quantity` is a very large number, which vulnerability could be exploited?

Accepted Answer

Integer Overflow

Answer

Denial-of-Service (DoS)

Answer

Reentrancy

Answer

Access Control Violation

Question 5

To prevent NFTs from being permanently locked, the `safeTransferFrom` function in ERC-721 performs a check on the recipient contract. What is the name of the function it calls on the recipient to ensure it can handle the token?

Accepted Answer

`onERC721Received(operator, from, tokenId, data)`

Answer

`canReceiveNFT(tokenId)`

Answer

`_checkOnTransfer(from, to, tokenId)`

Answer

`supportsInterface(interfaceId)`

Question 6

An NFT project implements a presale mint function that validates a user's eligibility by checking a digital signature provided by the project owner. To prevent an attacker from reusing a valid signature, which of the following is the most crucial element to include in the signed message?

Accepted Answer

A nonce or a usage flag.

Answer

The contract's address.

Answer

The `block.timestamp`.

Answer

The minter's gas price.