How Hackers Can Become “Lucky” in NFT Minting

NFT Minting

Commonly Found NFT Minting Mechanism

GachaMachine contract's roll() and _random() functions

Unlucky User Scenario

Lucky Hacker Presence

No More EvilContract

Improved GachaMachine with isContract() validation

Address.isContract() is Totally Inadequate

Common implementation for isContract()

EOA Check Wants to Join the Party

Additional checking for EOA

Seer Hacker

Solution

Conclusion

About Inspex
