On February 5th, 2PMFLOW.ETH, co-founder of the NFT project Azuki, said on Twitter that he had recently noticed a problem with OpenSea whitelisting: someone can use a changeable proxyRegistryAddress variable to whitelist themselves on NFT contracts.
We're noticing some projects about to launch which have this issue. A safer alternative for supporting OpenSea whitelisting- just set the Opensea proxyRegistryAddress in the constructor and make it immutable, takes 2 minutes. DMs are open, happy to assist!
— 2PMFLOW.ETH (@2pmflow) February 3, 2022
For those of you who are minting NFTs, you need to understand the risk involved: anyone with the contract owner's key can transfer your tokens to any wallet address they want, without your approval.
2PMFLOW.ETH said they had noticed this issue in some upcoming NFT projects. A more secure way to support OpenSea whitelisting is quite simple: set the OpenSea proxyRegistryAddress in the constructor and make it immutable, a change that takes as little as 2 minutes.
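The fix described above, sketched as an added example (not code from Azuki, OpenSea, or any project named here). It assumes the common pattern in which an ERC-721 contract pre-approves a holder's OpenSea proxy by overriding isApprovedForAll and looking the proxy up in a registry. ExampleNFT, IProxyRegistry and the error strings are hypothetical names, and the registry address is supplied by the deployer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

import "@openzeppelin/contracts/token/ERC721/ERC721.sol";

// Minimal view of the proxy registry: maps a token holder to the proxy
// contract that is allowed to move tokens on the holder's behalf.
interface IProxyRegistry {
    function proxies(address owner) external view returns (address);
}

// Hypothetical contract name, for illustration only.
contract ExampleNFT is ERC721 {
    // `immutable`: written once in the constructor and stored in the deployed
    // bytecode. No owner-only setter exists, so a stolen or misused owner key
    // cannot point the whitelist at a registry that approves another address.
    address public immutable proxyRegistryAddress;

    constructor(address registry) ERC721("ExampleNFT", "EXNFT") {
        // Catch deployment mistakes: a zero address or an address without
        // code can never act as a registry.
        require(registry != address(0), "registry: zero address");
        require(registry.code.length > 0, "registry: not a contract");
        proxyRegistryAddress = registry;
    }

    // Whitelisting hook: the holder's registered proxy is treated as an
    // approved operator without a separate setApprovalForAll transaction.
    function isApprovedForAll(address owner, address operator)
        public
        view
        override
        returns (bool)
    {
        address proxy = IProxyRegistry(proxyRegistryAddress).proxies(owner);
        // A holder with no registered proxy maps to address(0); never treat
        // that as an approval.
        if (proxy != address(0) && proxy == operator) {
            return true;
        }
        return super.isApprovedForAll(owner, operator);
    }
}
```

When reviewing a contract before minting, check whether proxyRegistryAddress is declared immutable (or constant) and whether any function can write to it after deployment.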