--- robots: noindex, nofollow --- # #SmartCustody for NFTs ###### tags: `article / in process` #SmartCustody is a risk-modeling system that assesses risk as the consequence of a vulnerability being exploited multiplied by the likelihood of that vulnerability being exploited, with the consequence usually (but not always) focused on the loss of an asset. It then assesses resolutions for those risks per their difficulty, which can be based on cost or on loss of functionality. Different assets have different risk models and require different scenarios for protection. The original #SmartCustody focused on protecting Bitcoin-based digital assets, while this document focuses in NFTs. Ethereum would be a different scenario, closer to NFTs than to Bitcoin. ## Asset Identification To fully risk model NFT holdings requires answering portfolio questions to create a better understanding of the assets, their valuation, and their functionality. This allows assessment of both the consequences of lost and the costs of resolution. Initial questions include: 1. What is the overall value of the portfolio? 2. What is the average value for individual NFTs within the portfolio? * Low-value portfolios may receive insufficient returns from a #SmartCustody model. * High-value NFTs and high-value portfolios consisting of lower value NFTs may require different models. 3. What is the public awareness of the NFTs? * Particularly high publicity NFTs, such as the Bored Apes, can create unique threats. 4. How frequently are the NFTs traded? * NFTs that are not frequently traded have the option to be better protected. 5. Is the account holding your NFTs used for other activities requiring cryptographic authentication or private keys? * Other functionality increasingly creates a honeypot that could make it a target (and which could increase your losses). 6. Are the NFTs regularly viewed? By yourself? By others? * NFTs stored as an investment can also be better protected. * There may be different models for NFTs that are individually and publicly viewed. 7. Is there a need for some or all of the NFTs to be publicly linked to their owner? * NFTs linked to a real-world identity can create new vulnerabilities. 8. Is there a need for some or all of the NFTs to be linked together? * Maintaining numerous NFTs on the same Ethereum address can also create a honeypot. 9. Do the NFTs have functionality other than artwork? * NFTs already exist with functionality such as Discord access; use of functionality such as this may require different storage mechanisms. By answering these questions, you will be able to create a personal strategy for protecting NFTs that will likely not fix everything, but that will help you fix the problems most likely to affect you with the solutions most likely to have strong impact and least likely to have strong consequences on the functionality that you count on. __Do _not_ answer these questions here or in a Google Doc. These are questions that should be personally asked and discussed to create a #SmartCustody strategy; they are too revealing to be placed in a public location.__ ## Ethereum Vulnerabilities Risk in #SmartCustody is determined by brainstorming specific vulnerabilities for asset holding ("custody vulnerabilities"), asset transfer ("interface vulnerabilities"), and other issues ("non-physical vulnerabilities"). This is often a personal process based on an individual's cryptocurrency processes, their concerns, and their risk adversity. However, the architecture, technology, and culture of the Ethereum community also create unique vulnerabilities, some of which are associated with new Adversaries, not currently outlined in the #SmartCustody book. The following Ethereum vulnerabilities should at least be considered by any NFT holder. 1. Everything I own can be seen together. * Adversary: Correlation Ethereum generally promotes a culture of one key for one user. Wallet technology generally links a single key-pair to an account. SmartContract technology often requires currency and assets to be held on the same account. Altogether this creates a situation where everything that someone owns can be linked to a single Ethereum address, allowing easy correlation. This can be a much more dangerous type of correlation than that assumed by the Correlation adversary in #SmartCustody. It's not just that different funds can be linked together, but ... everything can. 2. If I lose one key, I lose everything. * Adversary: Centralization (New) This is a new adversary, currently missing from #SmartCustody, and more problematic on Ethereum. A single private key tends to be used to unlock personally held funds, to access smart contracts, and to create signatures. If that private key is lost or stolen then all functionality goes with it. 3. Everything I own could be stolen together. * Adversary: Network Attack, Personal #SmartCustody for Bitcoin generally assesses personal network attack as a low risk. Sophisticated hackers are more likely to go after exchanges or corporations, not individual asset holders. (Obviously, individual holders may have different risk assessments for their own holdings.) That general rule may not be true for Ethereum, where honey pots of assets and funds are created due to the use of singular Ethereum addresses, as discussed in the Correlation and Centralization adversaries. This situation can be made even worse by high-profile NFTs with known, high values. Tracing such an NFT to its address could easily lead a hacker to an individual with considerable Ethereum holdings. The huge scope of this problem can be seen in DAO treasuries, some of which have been recorded to hold billions of dollars of value. 4. I could be tricked into giving up permissions. * Adversary: Social Engineering Social engineering is a high-level threat for many digital assets, but it's a particular problem for Ethereum, again due to a combination of culture and technology. The technological issue comes from wallets such as MetaMask that aren't sufficiently clear (or which don't offer sufficiently strong warnings) about what permissions are being given away. The culture issue comes from common-place airdrops, some of which require no permissions, some of which require permissions to receive, and all of which require permission to transfer. A combination of poor UI design for permissions and devious use of airdrops has already created real losses of funds and assets, usually when people gave away access to their funds while accepting an airdrop. 5. It's expensive for me to be safe. * Adversary: Cost (New) Optimal digital asset protection usually requires moving those assets into cold storage when they're not being used and moving them back to a warm wallet when they're ready to be traded. Another method of protection is to use multisigs. Unfortunately, most of these fundamental security measures are currently costly on the Ethereum network due to gas fees. Moving funds to or from cold storage can easily cost $100 each way, while these fees can be even higher if activation of a Gnosis smart contract is required due to use of a multisig. This not only limits _when_ #SmartCustody can be used, but it also increases users' reluctance to do so because of the costs. (This is another new adversary, first identified on the Ethereum network.) 6. NFTs may reveal my personal information. * Adversary: Exposure (New) NFTs are still a raw technology and have unique privacy issues related to the fact that the blockchain record of an NFT often links to a URL to display the actual image. The web servers powering those URLs can access unexpected information about a user such as their IP address, which creates new Exposure risks not found in standard cryptocurrency usage. Related to this is a recent "hack", where a user created an NFT that displayed in different ways depending on where it was accessed from; this underlies the possibility of IP exposure (and there's more than that, as web browsers also tend to collect information related to machines and browsers being used).