Security Mechanisms

Security is critical in a decentralized marketplace. This contract implements several security checks to prevent unauthorized access and manipulation.

2.1 Ownership Checks

  • Only the original offer owner can cancel a sell or buy order.

  • Sellers must own the NFTs before listing them for sale.

2.2 Trade Validations

  • Preventing invalid amounts:

    • Offers with 0 price or NFTs are rejected.

    • Users cannot overbuy or oversell assets.

  • Currency Type Checks:

    • Buyers and sellers must use the correct token (CURRENCY).

    • Trade Ledgers only accept transactions in registered currencies.

2.3 Preventing Overflows

To prevent integer overflows, all calculations use safe arithmetic:

moveCopyEditfun safe_add(a: u64, b: u64): u64 {
    assert!(a <= MAX_U64 - b, E_OVERFLOW);
    a + b
}

This ensures that large trades don’t cause unexpected errors.

2.4 Deny List Enforcement

  • If a collection enables deny lists, restricted users cannot trade.

  • The deny list is managed by the collection owner.


3. Best Practices for Integration

To ensure smooth integration with this contract, follow these best practices:

3.1 Listening for Events

Marketplace applications should subscribe to blockchain events for real-time updates.

  • Example: Track new orders using OfferCreated events.

  • Example: Remove orders when OfferAccepted or OfferCancelled events are detected.

3.2 Validating User Inputs

Before calling contract functions:

  • Ensure that users own the NFTs they want to sell.

  • Verify that buyers have enough funds before accepting offers.

  • Handle error codes gracefully in the frontend.

3.3 Batch Transactions for Efficiency

  • Encourage batch processing of multiple buy/sell offers to reduce gas fees.

  • Example: A buyer can purchase 10 NFTs in a single transaction using batch_accept_offers.

3.4 Price Indexing

  • Use get_price_levels() to fetch sorted price levels.

  • Enable efficient price discovery by listing NFTs based on indexed prices.

3.5 Handling Partial Fills

  • Orders may partially fill, so the UI should update the order status dynamically.

  • Example:

    • If a sell order is partially filled, update the remaining quantity.

    • If a buy order is partially accepted, adjust the requested asset count.

3.6 Preventing Front-Running

  • Users should refresh their data before confirming trades.

  • Frontend applications can pre-check availability before calling accept_offer.

Last updated