Particular thanks to Post Capone for identifying this attack vector Psifour for technical review.
If we sweep a spotlight across the Dark Forest of Ordinals activity, we can begin to identify several predators that might be lurking in the shadows. These predators take advantage of the challenge that it’s either a big engineering lift to facilitate secure marketplace exchanges or that users don’t want to click a few more buttons. The reality is, the more buttons a user has to click the less likely they are to use your product. This presents opportunity.
TL;DR: Strange behavior creating & canceling ordinals purchases could be someone collecting signatures to cash in at a later date — if a collection floor price goes from 0.1btc → 0.2btc, someone could theoretically still buy the old listings at the original 0.1btc price 😱😱😱
How could they do it?
First, let’s review how a sale on a marketplace like MagicEden works. A transaction on a marketplace like ME has inputs and outputs. Let’s oversimplify the visualization:
A seller agrees to sell their Puppet for 0.1btc. The buyer agrees to buy the puppet for 0.1btc. The transaction is signed and the seller gets 0.1btc and the buyer gets the Puppet. (Marketplaces take a fee, but we’re hiding that for simplicity).
One of the key things to understand is that each party needs to sign their part of the transaction. When the seller signs the transaction to list their Puppet at 0.1btc, it creates a Partially Signed Bitcoin Transaction (PSBT) where anyone can sign to be the buyer. You as a seller are signing a transaction where you don’t know yet who the buyer is, you just agree to sell your Puppet at 0.1btc.
Then a buyer comes along and signs the transaction, agreeing to pay 0.1btc.
The type of transaction where the seller agrees to sell their Puppet uses the “sighash_single” flag — it basically means that the seller just requires that they get 0.1btc, they don’t specify who the buyer is or where the Puppet goes.
Let’s say that the seller decides to relist their Puppet at a different price. That PSBT for the 0.1btc sale is discarded by the marketplace and the new PSBT, say for 0.2btc goes up after a buyer clicks “buy” on the marketplace frontend.
Marketplaces hide these PSBTs until a buyer comes along and signs them. Otherwise, if the seller decides to re-list that Puppet at a different price (read: higher price) then someone could theoretically take the original listing and sign that transaction for 0.1btc when the seller (and the marketplace) intend for it to be sold at 0.2btc.
However, if you were somehow able to sign the PSBT as the buyer but not have the transaction get confirmed into a block, by canceling it somehow, you would be able to see the signature of the seller (e.g. the eye above pointing to the arrow of the 0.1btc payment).
So if you were able to bait a marketplace into revealing these signatures from the seller, you would be able to sign them as long as the Inscription remains in the same output/UTXO.
Recently, it appears that someone has been sweeping large amounts of “blue chip” collections such as the notable Quantum Cats sweep last week. These sweeps have been quickly canceled, but the signatures are still revealed. If the listing for those inscriptions are not spent to a new output (read: on-chain transaction fee) the listing could be cashed in at a later date if the collection goes up (10btc+ you know it will happen)
Yes, it is possible for someone to use your old 0.1btc listing in the future even if the floor price of the collection may be 10btc if you have not been required to make an on-chain transaction fee to cancel the listing.
Is someone currently doing this? It is unclear. I have reliable sources who have confirmed to me that they have tested this and it works in specific cases. You may have forgotten one of the early Unisat hacks, but it was basically a similar deal where their PSBTs were exfiltrated around Spring of 2023.
How do I prevent this from happening to me? Fear not, it’s actually really simple. If your Inscription was listed on a marketplace and then you re-list it at a higher price sometime later, you should first simply send that inscription back to yourself. This puts the inscription in a “new” UTXO, and invalidates the original signature. It’s cheap and easy, you just have to keep track of it yourself. The most simple and way is on MagicEden’s frontend where you’ll want to check “on-chain delist”. It’s a little more expensive, but it’s really just good practice and could save your ass in the future.
How do marketplaces prevent this? This is also very simple. Marketplaces risk this type of signature exfiltration by allowing free listing cancellations. If a market allows free listing cancellations then they are likely exposing their users to this type of attack vector.
There are some marketplaces that still allow a free delisting — users beware.
Shoutout to PostCapone, who has been screaming into the void about these types of risks in the ordinals ecosystem since day 1. Post helped me understand this plausible attack vector after my observation about curious collection sweeps happening over the past weekend.