SoK: On the security of non-fungible tokens

Non-Fungible Tokens (NFTs) drive the prosperity of the Web3 ecosystem. By May 2024, the total market value of NFT projects reached approximately $69 billion. Accompanying the success of NFTs are various security issues, i.e., attacks and scams are prevalent in the ecosystem. While NFTs have attracted significant attention from both industry and academia, there is a lack of understanding of the kinds of NFT security issues. The discovery, in-depth analysis, and systematic categorization of these security issues are of significant importance for the prosperous development of the NFT ecosystem. To fill this gap, we perform a systematic literature review related to NFT security and identify 176 incidents from 248 security reports and 35 academic papers until May 1st, 2024. Through manual analysis of the compiled security incidents, we classify them into 12 major categories. Then, we explore potential solutions and mitigation strategies. Drawing from these analyses, we establish the first NFT security reference frame. In addition, we extract the characteristics of NFT security issues, i.e., the prevalence, severity, and intractability. We highlight the gap between industry and academia for NFT security and provide further research directions for the community. This paper, as the first Systematization of Knowledge (SoK) of NFT security, systematically explores security issues within the NFT ecosystem, shedding light on their root causes, real-world attacks, and potential ways to address them. Our findings will contribute to future research on NFT security.