Safe Rendering: Protect your users from malicious NFTs


June 15, 2023


← Back

We're pleased to announce that our V2 renderer supports "Safe Rendering", which enables our users to remove malicious elements from NFT media before showing them in their applications.

Malicious NFTs have unfortunately become an attack vector for hackers looking to drain wallets. The precise attack can vary – but often take the form of a surprise airdrop. When users view the airdropped NFT, the NFT media triggers a pop-up prompting users to connect their wallet. If granted, hackers drain the user's wallet.

These types of attacks can be major problems for applications that allow users to view NFT media. With the Center API V2, you can now protect your users from these attacks.

With Center's next-generation renderer (part of our new V2 API), you can render NFTs in "safe mode":

With the Center V2 Renderer, users can specify precise file types before rendering (.png, .jpg and .gif). The Center Renderer will rasterize the media to convert it to the desired file type, which will remove any malicious elements so that users are protected.

Making this change is as easy as adding the desired extension to the end of your API request!

This request will render the original media as it exists on-chain:

https://api.center.dev/v2/ethereum-mainnet/{NFTAddress}/nft/{tokenId}/render/original

This request will convert the media to a .jpg file (see ".jpg" at the end of the request), removing any malicious elements in the process:

https://api.center.dev/v2/ethereum-mainnet/{NFTAddress}/nft/{tokenId}/render/original.jpg

This works for .jpg, .png and .gif! Check out how easy it is to transform media to different file types:

An example (with a non-malicious NFT!) showing the conversion of an SVG file to a JPG and PNG