Risks of whitelisting OpenSea Proxy addresses in NFT contract code

mow · February 21, 2022, 6:00pm

I came across this recent warning about overriding isApprovedForAll method in NFT contracts:

gist.github.com

https://gist.github.com/dievardump/483eb43bc6ed30b14f01e01842e3339b#warning-

README.md

# Warning !!!

Recent events have shown that the auto-approval for user proxies is **way too dangerous**.

Security of users' NFTs should come before the convenience of auto approving collection for trading.

This is why I decided to remove the files in this gist.

OpenSea's documentation still recommends to do the overriding to reduce friction in sales transactions on their platform:

What does everyone think about the risks?

adriadrop · January 25, 2023, 3:06pm

Seems to me they don't encourage it anymore. It is hard to find info on it, most is stale and in their regular docs you can't even find which proxy addresses are used, you need to dig it out from the internet etc.
I personally skip implementing it in NFTs.

Topic		Replies	Views
setApprovalForAll(...) with OpenSea Smart Contracts erc1155	1	1367	June 16, 2022
My first NFT smart contract Review Wanted	1	651	June 3, 2022
No Opensea Listing Fees (ReDo) Contracts	1	997	February 9, 2022
Resources on how to programmatically send 1 NFT with 100 copies to 100 different addresses? Smart Contracts	1	442	October 14, 2021
Could someone help explain the proxy address for solidity contracts? Support erc1155	2	1847	March 6, 2022

Risks of whitelisting OpenSea Proxy addresses in NFT contract code

Related topics