After notifying OpenSea, the researchers confirmed that the vulnerability had been effectively resolved.
The cybersecurity experts outlined their findings in a blog post, revealing that the OpenSea website contained a cross-site search vulnerability due to its lack of restrictions on cross-origin communication. The root cause of the issue was identified as the iFrame-resizer library.
The researchers explained that the iFrame-resizer library transmitted the page's width and height, allowing it to serve as an "oracle" to determine when a search query produced results. When the search yielded no results, the page would be smaller. By continually conducting searches on a user's assets across different origins through a tab or popup, an attacker could deduce the name of an NFT created by the user, thereby exposing their public wallet address. This information could then be used to link the user's identity with the leaked NFT and public wallet address. Ultimately, this flaw could lead to the exposure of victims' identities.
To exploit the vulnerability, an attacker would need to send a link to the victim through channels like email or SMS. Clicking on the link would inadvertently disclose valuable information, including IP address, user agent, device details, software versions, and similar data.
Subsequently, the attacker would leverage the cross-site search vulnerability to extract one of the target's NFT names. By connecting the leaked NFT/public wallet address with the targeted user, the attacker could potentially reveal the victim's true identity.
OpenSea promptly addressed the flaw upon being informed by the researchers. The marketplace released a patch that restricted cross-origin communication, effectively reducing the risk of further exploitation.
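The size-reporting channel described above, and the kind of origin restriction the patch introduced, can be modelled in a few lines. The block below is an added example written for this article; it is not OpenSea's code and not the iframe-resizer library's source. It simulates the browser's postMessage delivery rule (a message addressed to a specific origin is only delivered to a window with that origin), shows an embedded page that broadcasts its size to any embedder beside one that addresses only a trusted origin, and shows an embedder-side handler that ignores senders outside an allowlist (iframe-resizer's own `checkOrigin` option performs a check of this kind). All origins, sizes and message shapes are constructed placeholders.

```javascript
// Added example (not OpenSea's code, not iframe-resizer's source). Models the
// resize channel the article describes: an embedded page reports its rendered
// size to the page that embeds it. Origins and payload shape are constructed.

const TRUSTED_EMBEDDER = "https://app.example"; // constructed: the one origin allowed to embed the page

// Stand-in for window.postMessage delivery: the browser hands a message to a
// window only when targetOrigin is "*" or exactly equals that window's origin.
// Returns the event the receiver would see, or null when the browser drops it.
function deliver(message, targetOrigin, senderOrigin, receiverOrigin) {
  if (targetOrigin !== "*" && targetOrigin !== receiverOrigin) return null;
  return { origin: senderOrigin, data: message };
}

// Leaky embedded page: broadcasts its dimensions to whatever embeds it ("*").
// A foreign page therefore learns the rendered height, which is the oracle
// the researchers used to tell an empty search from a non-empty one.
function leakyReportSize(senderOrigin, receiverOrigin, size) {
  return deliver({ type: "resize", ...size }, "*", senderOrigin, receiverOrigin);
}

// Hardened embedded page: addresses only the trusted embedder, so the browser
// never delivers the size to an unrelated tab or popup opener.
function hardenedReportSize(senderOrigin, receiverOrigin, size, trusted = TRUSTED_EMBEDDER) {
  return deliver({ type: "resize", ...size }, trusted, senderOrigin, receiverOrigin);
}

// Hardened embedder side: even when a message arrives, ignore senders outside
// the allowlist and reject malformed payloads before resizing anything.
function acceptResize(event, trustedSenders) {
  if (!event || !trustedSenders.has(event.origin)) return null;
  const { type, width, height } = event.data || {};
  if (type !== "resize" || !Number.isFinite(width) || !Number.isFinite(height)) return null;
  return { width, height };
}

// Constructed scenario: a search page on SITE rendered with and without
// results, embedded once by the trusted app and once by an unrelated page.
const SITE = "https://marketplace.example";
const STRANGER = "https://unrelated.example";
const WITH_RESULTS = { width: 1200, height: 3400 };
const NO_RESULTS = { width: 1200, height: 900 };

function demo() {
  return {
    // delivered: an unrelated page sees the size cross-origin
    leakyToStranger: leakyReportSize(SITE, STRANGER, NO_RESULTS),
    // null: the browser drops a message addressed to another origin
    hardenedToStranger: hardenedReportSize(SITE, STRANGER, NO_RESULTS),
    // delivered only to the embedder the page explicitly trusts
    hardenedToTrusted: hardenedReportSize(SITE, TRUSTED_EMBEDDER, WITH_RESULTS),
  };
}

console.log(demo());
```

The design point is that both ends need a restriction: the embedded page should name the origin it talks to instead of `"*"`, and the embedding page should check `event.origin` before acting on a message. Either check alone closes the oracle for an unrelated embedder; together they also survive one side being misconfigured.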