NFT Royalty Bypass Remediation
How to fix NFT royalty enforcement bypass patterns.
Overview
Related Detector: NFT Royalty Bypass
NFT transfers without royalty enforcement harm creators. The fix is either to use Metaplex’s Transfer instruction (for pNFTs), which enforces royalties on-chain, or to implement explicit royalty calculation and payment.
Recommended Fix
Use Metaplex Transfer instead of direct SPL Token transfers for NFTs:
    invoke(
        &mpl_token_metadata::instruction::transfer(
            TransferArgs::V1 { amount: 1, authorization_data: None },
            /* all required accounts */
        ),
        accounts,
    )?;
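For the other option named in the overview, explicit royalty calculation and payment, the following is an added example and not code from the detector or from Metaplex. `CreatorShare`, `RoyaltyError` and `split_royalties` are hypothetical names; the inputs are modeled on the metadata's seller fee in basis points and per-creator percentage shares, and giving rounding dust to the first creator is this example's own policy. It computes amounts only; the lamport transfers to each creator are not shown.

```rust
/// Constructed stand-in for one entry of the NFT metadata creators list.
#[derive(Debug, Clone, PartialEq)]
pub struct CreatorShare {
    pub address: [u8; 32], // creator wallet (placeholder bytes in this example)
    pub share: u8,         // percent of the royalty; all shares must sum to 100
}

#[derive(Debug, PartialEq)]
pub enum RoyaltyError { InvalidBasisPoints, InvalidShares }

/// Returns (per-creator payouts, seller proceeds) for a sale of `price` lamports.
pub fn split_royalties(
    price: u64,
    seller_fee_basis_points: u16,
    creators: &[CreatorShare],
) -> Result<(Vec<u64>, u64), RoyaltyError> {
    if seller_fee_basis_points > 10_000 {
        return Err(RoyaltyError::InvalidBasisPoints);
    }
    // Reject malformed creator lists instead of silently underpaying.
    let total: u32 = creators.iter().map(|c| c.share as u32).sum();
    if creators.is_empty() || total != 100 {
        return Err(RoyaltyError::InvalidShares);
    }
    // Widen to u128 so price * basis points cannot overflow.
    let royalty = (price as u128 * seller_fee_basis_points as u128 / 10_000) as u64;
    let mut payouts: Vec<u64> = creators
        .iter()
        .map(|c| (royalty as u128 * c.share as u128 / 100) as u64)
        .collect();
    // Integer division leaves dust; add it to the first creator so the
    // payouts sum to exactly `royalty`.
    let paid: u64 = payouts.iter().sum();
    payouts[0] += royalty - paid;
    Ok((payouts, price - royalty)) // royalty <= price because bps <= 10_000
}

fn main() {
    // Constructed sale: 1_000_000_033 lamports, 5% royalty, 70/30 split.
    let creators = [
        CreatorShare { address: [1; 32], share: 70 },
        CreatorShare { address: [2; 32], share: 30 },
    ];
    let (payouts, seller) = split_royalties(1_000_000_033, 500, &creators).unwrap();
    println!("creator payouts: {:?}, seller receives: {}", payouts, seller);
}
```
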
Common Mistakes
Mistake: Using SPL Token Transfer for pNFTs
    // WRONG: bypasses royalty enforcement
    token::transfer(ctx.accounts.into_ctx(), 1)?;
pNFTs require transfer through the Token Metadata program.