PRISM

Smart Contract Analysis and Security Check for the NFT Marketplace

About the client

NuPay Technologies is a blockchain corporation dedicated to creating innovative and sustainable products. The company aims to unlock the limitless potential of digital assets while having a minimal impact on the environment. One of the first steps towards their goals was the development of the PRISM NFT marketplace.

Details

PRISM is an all-purpose, next-generation NFT marketplace developed by NuPay Technologies.
PRISM allows creators to publish and sell their artworks to buyers who can either collect or resell them. The platform has already attracted many popular artists such as Leena Al Ayoobi, Arthur Pardini, Léo Caillard, Christophe Vacher, and Daniel Cheong.

Team

  • Project manager
  • Business analyst
  • Lead developer
  • DevOps
  • Solidity developer (2)
  • Full-Stack developer
  • QA

Client’s request

The customer wanted to make sure that their system was 100% secured on the smart contract side.

They wanted our team to:

  • Analyze existing smart contracts on the NFT marketplace
  • Detect bugs and identify security vulnerabilities
  • Fix the errors and eliminate all possible issues
  • Hammer down the Ethereum transaction mechanisms
  • Enable highly secure transactions
  • Ensure smooth user flow

The client also requested us to:

  • Add a migration tool that would allow developers to update smart contracts with new features if the community is eager to do so
  • Connect a Chainlink Oracle to the Ethereum blockchain that PRISM is powered by
  • Do CI/CD preparations
  • Add security filters
  • Prepare environment architecture for development, staging, and production

Work done

Our blockchain professionals have analyzed PRISM smart contracts, identified key pain points, bugs, and vulnerabilities, and given advice on how to keep the platform running smoothly. We fixed all the issues detected and afterwards successfully passed a smart contract audit conducted by a third party.

Details

[Screenshots: homepage, NFT listing page, and login screen of the PRISM NFT Marketplace]

* The design of layouts was provided by the client.

User flow

We started our work by studying the project. It was especially important to keep the original user flow designed by the client.

Notably, the process of selling and buying NFTs on PRISM is done manually. Here is what it looks like:

  1. The artist publishes their NFT and sets a starting price for it
  2. Users evaluate the particular NFT and send their price proposals to the artist
  3. The artist chooses who they want to sell their NFT to and accepts the offer
  4. The artist receives the payment and sends their NFT to the buyer

Our tasks

Based on this user flow, our client gave us the following tasks:

  • Provide seamless user flow by allowing artists to collect payment and buyers to receive the NFTs they have purchased
  • Ensure the automatic return of NFTs and funds to their original state if one of the parties did not fulfill the conditions
  • Add a migration tool to be able to migrate the history of an existing contract to its updated version in case the community or the client wants to add new functionality or change the flow within the smart contract
  • Ensure that the tokens issued on PRISM could not be sold on other marketplaces as PRISM itself represents a secondary marketplace

Smart contracts and their role in the project

Smart contracts are at the heart of any blockchain-based application as they represent lines of code with transaction conditions embedded in them.

Essentially, they automate transactions, secure the application, and protect the user’s money. Smart contracts also eliminate the participation of any intermediary and the consequent loss of time.

Since large sums of money are transferred through or locked into smart contracts, they often become a target for hackers. Smart contracts should therefore not have any security vulnerabilities, otherwise users run the risk of losing their NFTs and funds, and the platform owner their reputation.

How we worked on PRISM smart contracts

As the PRISM marketplace is currently running on the Ethereum blockchain, our developers used the Solidity programming language to fix and rewrite smart contracts.

Our team focused on three major points:

1. Security against hacker attacks and scams

Since buying and selling NFTs is done manually, this concept comes with security risks. We detected more than 20 minor/trivial problems in the initial code, which were preventing perfect optimization. We fixed them in order to secure smart contracts and thereby protect the platform and its users.

2. The correct operation of the user flow

We were asked to polish smart contracts to eliminate any possibility of malicious actions during the interaction between artists and buyers. We carefully analyzed the code and fixed it so that the parties could not cheat each other in any way.

For example, an artist receives an offer from a buyer and accepts it. The buyer sends their money to the artist, but there is no sign of the NFT for 48 hours. In this case, the buyer will receive their money back. If the artist sends their NFT to the buyer, but the buyer does not confirm receipt of the token, the buyer will receive their money back and the artist will still have their NFT.

Thus, smart contracts define and record every step that the buyer and seller take. If the conditions are not met, the smart contract will return everything to its original state and no one will lose anything.
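The refund rule above can be written as a small state machine and tested before any contract code is changed. The Python model below is an added example, not PRISM's or PixelPlex's contract code; the class and method names are hypothetical. It assumes the payment and the NFT are both held in escrow until the sale settles, and that the buyer's confirmation window is also 48 hours (the page states only the 48-hour delivery window).

```python
from enum import Enum

HOUR = 3600
DELIVERY_WINDOW = 48 * HOUR  # from the page: NFT must arrive within 48 hours
CONFIRM_WINDOW = 48 * HOUR   # assumption: the page states no confirmation window
ESCROW = "escrow"

class State(Enum):
    FUNDED = "funded"                # buyer's payment is locked
    NFT_DEPOSITED = "nft_deposited"  # artist's NFT is locked as well
    COMPLETED = "completed"          # NFT to buyer, payment to artist
    UNWOUND = "unwound"              # everything back where it started

class EscrowError(Exception):
    pass

class SaleEscrow:
    """Model of one accepted offer; all times are Unix seconds."""

    def __init__(self, artist, buyer, now):
        self.artist, self.buyer = artist, buyer
        self.payment_holder = ESCROW  # buyer has paid into escrow
        self.nft_holder = artist
        self.state = State.FUNDED
        self.deadline = now + DELIVERY_WINDOW

    def _require(self, cond, msg):
        if not cond:
            raise EscrowError(msg)

    def deposit_nft(self, caller, now):
        self._require(caller == self.artist, "only the artist can deposit")
        self._require(self.state is State.FUNDED, "wrong state")
        self._require(now <= self.deadline, "delivery window expired")
        self.nft_holder = ESCROW
        self.state = State.NFT_DEPOSITED
        self.deadline = now + CONFIRM_WINDOW

    def confirm_receipt(self, caller, now):
        self._require(caller == self.buyer, "only the buyer can confirm")
        self._require(self.state is State.NFT_DEPOSITED, "wrong state")
        self._require(now <= self.deadline, "confirmation window expired")
        self.nft_holder, self.payment_holder = self.buyer, self.artist
        self.state = State.COMPLETED

    def unwind(self, now):
        """Callable by anyone once the current window has lapsed."""
        self._require(self.state in (State.FUNDED, State.NFT_DEPOSITED), "already final")
        self._require(now > self.deadline, "window still open")
        self.nft_holder, self.payment_holder = self.artist, self.buyer
        self.state = State.UNWOUND
```

Every terminal state leaves each asset with exactly one party, which is the property a unit test or stress test of the real contract would check after each path.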

3. The ability to resell NFTs only using the PRISM marketplace

We debugged and rewrote smart contracts in such a way that it is now completely impossible to sell NFTs issued by PRISM on any other marketplace.

Once the smart contracts were successfully corrected, they were audited by a third party company. No critical errors were found. Several problems were associated with the original architecture of the project. Other issues were resolved by our team.

Our process step by step

When working on our client's smart contracts, we followed these four steps:

1. Gathering requirements

  • Understanding the core problems and goals of the project
  • Analyzing client’s requirements
  • Defining the scope of work

2. Initial analysis of smart contracts

  • Bugs and issues research
  • Approving the scope of detected problems and offering solutions

3. Correction of errors and bugs

  • Code refactoring and optimization
  • Adding new features and security coverage

4. Code testing

  • Unit testing
  • Testnet QA process
  • Stress testing for preventing malicious actions

Results

The PixelPlex and NuPay Technologies collaboration on the PRISM NFT marketplace has been fruitful and has helped the client bring about meaningful transformation to their platform. The marketplace has been operating since February 2022, and our team is proud to have contributed to the project by auditing its smart contracts.

When working with our client, we fulfilled all their requirements, namely:

  • Ensured the security of smart contracts and thereby the entire system
  • Preserved and enhanced the original flow between NFT buyers and sellers
  • Made sure that NFTs did not go beyond the PRISM marketplace
  • Added a migration tool to enable easy updates of smart contracts in case the community asked for changes

Our work with NuPay Technologies will continue as we both strive to advance blockchain technology and make the world better through innovation.