OpenSea launches new contract compensation system to protect against recent bugs

On Thursday evening, blockchain platform OpenSea launched a new system that will help users weed out unclaimed sales offers, which is expected to roll out over the next two weeks. In an announcement post, CEO Devin Finzer described the changes being made to “ensure that old inactive listings expire.”

The move comes after a bug that allowed attackers to exploit old contracts to buy tokens for hundreds of thousands of dollars below market price. In one particularly noted case in January, a Bored Ape Yacht Club token was purchased for less than $2,000 and immediately resold for over $192,000.

The bug resulted from the way the OpenSea platform interacted with the Ethereum blockchain, often saving gas fees by listing offers locally rather than encoding them into the larger chain. An oversight in this system has sometimes allowed old contracts to linger on the blockchain without appearing in the OpenSea interface. By bidding against these contracts, which were often several years old, attackers could take advantage of very outdated prices, usually catching token owners by surprise.

As described by OpenSea, the new system will allow users to cancel any unfulfilled contracts while incurring minimal gas charges. A separate change aims to make signatures clearer, hopefully preventing users from confusing contract terms in the future. Full deployment of the new system is expected to take 15 days, after which users will be prompted to switch their accounts to the new system.

The largest NFT trading and auction platform, OpenSea has enjoyed immense success during the recent boom. At the same time, the company struggled to secure and moderate the influx of new business into the market. A recent Chainalysis report revealed low but growing money laundering activity in NFT markets, although the issue is not specific to OpenSea.