A well-known sports league's digital collectible contract has a serious vulnerability that lets attackers mint for free and profit.


A digital collectible recently launched by a well-known sports league has drawn the attention of security researchers. After reviewing its sales contract, they found a serious vulnerability that lets anyone with modest technical skill mint collectibles without paying the sale price and then sell them for profit.

The root cause is a flaw in how the contract verifies allowlist signatures. The contract does not bind each signature to a single minter, nor does it enforce that a signature can be redeemed only once. An attacker can therefore take a signature issued to another allowlisted user, for example once that user's mint transaction is public, and submit it again from their own address.

Technically, the verify function has two obvious defects. First, the signed message does not include the sender's address, so the contract cannot tell whether the caller is the user the signature was issued to. Second, the contract keeps no record of which signatures have already been redeemed, so the same signature passes verification every time it is submitted. Both are basic, well-understood controls for signature-gated minting, yet they were missed in this high-profile project.
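To make the two defects concrete, here is an added Solidity example. It is my own illustration, not the league's contract (the article does not reproduce that source). It assumes an EVM chain and the common pattern of an off-chain allowlist signer whose 65-byte secp256k1 signature is passed to the mint function; the contract name, function names, the free price and the per-signature cap are assumptions for illustration. verifyVulnerable reproduces the two flaws described above; verifyHardened and mintHardened show the fix.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative allowlisted mint (hypothetical contract, not the league's code).
// Both variants accept a signature from an off-chain allowlist signer; only the
// hardened variant binds that signature to the caller and records it as spent.
contract AllowlistMint {
    address public immutable allowlistSigner;
    uint256 public constant MAX_PER_SIG = 5;   // assumed cap per allowlist signature
    uint256 public nextTokenId = 1;
    mapping(uint256 => address) public ownerOf;

    // Hardened variant only: digests that have already been redeemed.
    mapping(bytes32 => bool) public usedDigest;

    constructor(address signer_) {
        require(signer_ != address(0), "signer required");
        allowlistSigner = signer_;
    }

    // ---- VULNERABLE: digest does not name the caller, nothing is recorded ----
    // The signed message is keccak256(contract, quantity). Anyone who has seen a
    // successful mintVulnerable() call can resend the same (quantity, sig) from
    // their own address, as many times as they like.
    function verifyVulnerable(uint256 quantity, bytes calldata sig) public view returns (bool) {
        bytes32 digest = _toEthSignedMessageHash(keccak256(abi.encodePacked(address(this), quantity)));
        return _recover(digest, sig) == allowlistSigner;
    }

    function mintVulnerable(uint256 quantity, bytes calldata sig) external {
        require(quantity > 0 && quantity <= MAX_PER_SIG, "bad quantity");
        require(verifyVulnerable(quantity, sig), "invalid allowlist signature");
        _mint(msg.sender, quantity);
    }

    // ---- HARDENED: bind to chain, contract and msg.sender; consume the digest ----
    function verifyHardened(uint256 quantity, bytes calldata sig) public view returns (bytes32 digest, bool ok) {
        digest = _toEthSignedMessageHash(
            keccak256(abi.encodePacked(block.chainid, address(this), msg.sender, quantity))
        );
        ok = _recover(digest, sig) == allowlistSigner;
    }

    function mintHardened(uint256 quantity, bytes calldata sig) external {
        require(quantity > 0 && quantity <= MAX_PER_SIG, "bad quantity");
        (bytes32 digest, bool ok) = verifyHardened(quantity, sig);
        require(ok, "invalid allowlist signature");
        require(!usedDigest[digest], "allowlist signature already used");
        usedDigest[digest] = true;   // mark spent before minting (effects before interactions)
        _mint(msg.sender, quantity);
    }

    function _mint(address to, uint256 quantity) internal {
        for (uint256 i = 0; i < quantity; i++) {
            ownerOf[nextTokenId++] = to;
        }
    }

    function _toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) {
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", hash));
    }

    // ecrecover over the usual 65-byte (r, s, v) layout, rejecting high-s
    // (malleable) signatures. Returns address(0) on any failure, which never
    // equals allowlistSigner because the constructor rejects the zero address.
    function _recover(bytes32 digest, bytes calldata sig) internal pure returns (address) {
        if (sig.length != 65) return address(0);
        bytes32 r = bytes32(sig[0:32]);
        bytes32 s = bytes32(sig[32:64]);
        uint8 v = uint8(sig[64]);
        if (v < 27) v += 27;
        if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) return address(0);
        return ecrecover(digest, v, r, s);
    }
}
```

Two design points worth noting. The replay record is keyed on the digest, not on the raw signature bytes: ECDSA signatures are malleable, so a mapping keyed on `sig` could be sidestepped by flipping `s`, whereas the low-s check plus a digest key closes that route. Binding `block.chainid` and `address(this)` into the digest also stops a signature being replayed on another chain or against a redeployed copy of the contract, which the per-caller binding alone would not prevent.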

Security researchers expressed surprise, noting that such basic practices should be part of any blockchain project's development process, and that even well-known projects cannot skip fundamental security review.

The incident once again shows that security in the blockchain and digital asset space cannot be treated as an afterthought. For developers and investors in such projects, raising security awareness and commissioning thorough audits will remain key factors in whether future projects succeed.

Comments
BridgeJumper · 10h ago
Is it just a shoddy job to launch it?

SatoshiLegend · 10h ago
From the perspective of the source code, history will always repeat itself.

DaoGovernanceOfficer · 10h ago
*sigh* yet another protocol skipping basic security measures... predictable tbh

MissingSats · 10h ago
Again, it's an allowlist replay attack. The security is still too poor.

ClassicDumpster · 10h ago
This bug is really nice. To da moon

DaoDeveloper · 10h ago
smh... basic reentrancy check would've caught this

ApeWithAPlan · 10h ago
How could such a big loophole in the contract pass compliance audit?