erc721-specifics
npx machina-cli add skill mnedelchev-vn/solidity-defi-claude-skills/erc721-specifics --openclaw
Rounding issues and exploits analysis
TODO
When to Use
TODO
When NOT to Use
TODO
Examples of issues with Price oracles
Case 1: TODO
Additional Analysis
Beyond the patterns above, apply your full security knowledge to identify any related issues not covered here for the topic of this particular skill.
Source
https://github.com/mnedelchev-vn/solidity-defi-claude-skills/blob/master/skills/erc721-specifics/SKILL.md
Overview
This skill focuses on rounding issues and exploits analysis within ERC721 implementations, especially where NFT value or settlement depends on external price feeds. It highlights how mispricing, and the flows it drives, can create security gaps in NFT marketplaces, collateralization, and auction systems.
How This Skill Works
It analyzes ERC721 code paths that rely on external price inputs, checking for rounding errors in arithmetic used for pricing, payouts, and settlements. Practically, it guides auditors to trace price data from oracles through minting, transfers, and sales, identifying edge cases that could be exploited.
When to Use It
- Auditing an ERC721 contract or marketplace that uses external price feeds to determine value or settlement.
- Reviewing NFT collateralization or lending protocols that base valuations on price oracles.
- Evaluating dynamic pricing or auctions for NFTs that depend on oracle-derived values.
- Checking for rounding-related discrepancies in NFT sale payout calculations.
- Investigating suspected oracle manipulation or pricing exploits in ERC721 flows.
Quick Start
- Step 1: Identify all price inputs and oracle calls used by the ERC721 contract (mint, sale, collateral, payout).
- Step 2: Trace every arithmetic operation that uses price data and create tests for edge rounding scenarios.
- Step 3: Add robust oracle failure handling and multi-source validation; document potential exploit paths.
Best Practices
- Use multiple price sources and median pricing to reduce rounding distortions.
- Test rounding edge cases for all price-dependent flows (mint, transfer, sale, collateralization).
- Explicitly handle price normalization to avoid seller underpayment due to rounding.
- Incorporate explicit fallback values and outage handling for price feeds.
- Document and test failure modes where oracle data is delayed or tampered with.
Example Use Cases
- An NFT lending protocol relies on an external price feed to value collateral; rounding can affect liquidation thresholds.
- An NFT marketplace uses an oracle-based reserve price during auctions; rounding differences can change the winning bid.
- A collateral vault settles payouts based on oracle prices, where rounding errors create payout discrepancies.
- Royalties or fees are calculated as a percentage of an oracle-derived sale price, with rounding potentially underpaying creators.
- Oracle outages trigger fallback pricing in ERC721 contracts, which can be exploited if fallback logic is not secure.
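The Quick Start steps (trace every arithmetic operation that touches price data and test it against rounding edge cases) and the royalty and payout use cases above can be exercised with a small harness. The following is an added example, not code from the skill or its repository: it models EVM uint256 arithmetic in Python integers rather than Solidity, and every function name, basis-point rate and edge price in it is this example's own assumption.

```python
"""Rounding edge-case harness for oracle-priced ERC721 settlement (constructed example).

Python ints model EVM uint256 arithmetic: `//` behaves like Solidity's truncating
division for the non-negative values used here. All function names, basis-point
rates and prices below are this example's own assumptions, not any protocol's API.
"""
from fractions import Fraction

BPS = 10_000  # basis-point denominator shared by royalty and protocol-fee rates

# Constructed edge prices (in wei): tiny amounts, values around the BPS boundary,
# values just off a round ether, and a large value to check for overflow headroom.
EDGE_PRICES = [1, BPS - 1, BPS, BPS + 1, 10**18 - 1, 10**18 + 9_999, 2**128 - 1]


def normalize_price(raw_answer: int, feed_decimals: int, target_decimals: int = 18) -> int:
    """Rescale an oracle answer (for example an 8-decimal USD feed) to target_decimals.

    Scaling up is exact; scaling down truncates, so the caller must decide whether the
    dropped digits matter for the flow (collateral value, reserve price, payout).
    """
    if raw_answer <= 0:
        raise ValueError("oracle answer must be positive")  # the require() guard a contract needs
    if feed_decimals <= target_decimals:
        return raw_answer * 10 ** (target_decimals - feed_decimals)
    return raw_answer // 10 ** (feed_decimals - target_decimals)


def mul_div_up(x: int, y: int, denominator: int) -> int:
    """ceil(x * y / denominator) in integer math; rounds a fee in the protocol's favour."""
    return (x * y + denominator - 1) // denominator


def split_divide_first(price: int, royalty_bps: int, fee_bps: int) -> tuple:
    """Anti-pattern: dividing before multiplying.

    Every sale below 10_000 wei pays zero royalty and zero fee, and larger sales lose up
    to (BPS - 1) * rate / BPS wei on each leg.
    """
    royalty = price // BPS * royalty_bps
    fee = price // BPS * fee_bps
    return royalty, fee, price - royalty - fee


def split_multiply_first(price: int, royalty_bps: int, fee_bps: int) -> tuple:
    """Multiply before dividing: each leg is within one wei of its exact share and the
    seller receives the remainder, so the three legs always sum to the price."""
    royalty = price * royalty_bps // BPS
    fee = price * fee_bps // BPS
    return royalty, fee, price - royalty - fee


def split_fee_round_up(price: int, royalty_bps: int, fee_bps: int) -> tuple:
    """As above, but the protocol fee rounds up so rounding never favours the payer."""
    royalty = price * royalty_bps // BPS
    fee = mul_div_up(price, fee_bps, BPS)
    return royalty, fee, price - royalty - fee


def rounding_scan(splitter, royalty_bps: int, fee_bps: int, prices) -> dict:
    """Compare a splitter against exact rational shares over the given prices.

    Reports the worst royalty shortfall (exact minus paid, in wei), the worst absolute
    fee error, and whether royalty + fee + seller == price held for every price.
    """
    worst_royalty_shortfall = Fraction(0)
    worst_fee_error = Fraction(0)
    conserved = True
    for price in prices:
        royalty, fee, seller = splitter(price, royalty_bps, fee_bps)
        exact_royalty = Fraction(price * royalty_bps, BPS)
        exact_fee = Fraction(price * fee_bps, BPS)
        worst_royalty_shortfall = max(worst_royalty_shortfall, exact_royalty - royalty)
        worst_fee_error = max(worst_fee_error, abs(exact_fee - fee))
        conserved = conserved and royalty + fee + seller == price
    return {
        "max_royalty_shortfall": float(worst_royalty_shortfall),
        "max_fee_error": float(worst_fee_error),
        "conserved": conserved,
    }


if __name__ == "__main__":
    # 5% creator royalty and 2.5% protocol fee, both constructed for the demo
    for name, splitter in [("divide-first", split_divide_first),
                           ("multiply-first", split_multiply_first),
                           ("fee-round-up", split_fee_round_up)]:
        print(name, rounding_scan(splitter, 500, 250, EDGE_PRICES))
```

Running the scan shows the two things an auditor tracing price arithmetic is looking for: the divide-first version short-changes the creator by up to 499.95 wei per sale at a 5% rate (and pays nothing at all below 10_000 wei), while the multiply-first versions stay within one wei of the exact share; and because the seller leg is computed as a remainder rather than as its own percentage, the conservation check passes in every case, so no dust is stranded in the contract. The same harness applies to a lending protocol's liquidation threshold or an auction's reserve price once `normalize_price` has brought the feed to the contract's working decimals.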