When a user purchases an NFT, he purchases its identifier rather than the actual image. This unique identifier points to the InterPlanetary File System (IPFS), and the node is run by the company from which the user purchased the NFT. So if the company minting the NFTs suffers a serious hack or decides to exit the market, the user will lose access to his NFT object, or the value of the purchased NFT may drop to zero.
Yes, like other virtual assets, NFTs can be stolen. Smart contract vulnerabilities may enable a malicious actor to mint NFTs without the consent of a marketplace. Through social engineering techniques, malicious actors can also trick users into transferring their NFTs to malicious addresses.
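The unauthorized-minting flaw mentioned above is usually a missing authorization check on the mint function. The following is an added example, not code from this page or from any audited project: a flawed contract beside a hardened one. All contract names, function names and the supply cap are hypothetical, and the ledger is a minimal stand-in, not a full ERC-721.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; all names here are hypothetical.
// Minimal token ledger (not a full ERC-721) that isolates the mint check.
abstract contract MiniNFT {
    mapping(uint256 => address) public ownerOf;
    uint256 public nextId;

    event Transfer(address indexed from, address indexed to, uint256 indexed tokenId);

    function _mint(address to) internal returns (uint256 id) {
        require(to != address(0), "mint to zero address");
        id = nextId++;
        ownerOf[id] = to;
        emit Transfer(address(0), to, id);
    }
}

// Flawed: mint() is external with no authorization check, so any
// account can create tokens the project never approved.
contract OpenMintNFT is MiniNFT {
    function mint(address to) external returns (uint256) {
        return _mint(to);
    }
}

// Hardened: only the minter fixed at deployment may mint, and the
// collection has a hard supply cap.
contract RestrictedMintNFT is MiniNFT {
    address public immutable minter;
    uint256 public constant MAX_SUPPLY = 10_000; // constructed value

    error NotMinter(address caller);
    error SupplyExhausted();

    constructor(address minter_) {
        require(minter_ != address(0), "minter is zero address");
        minter = minter_;
    }

    function mint(address to) external returns (uint256) {
        if (msg.sender != minter) revert NotMinter(msg.sender);
        if (nextId >= MAX_SUPPLY) revert SupplyExhausted();
        return _mint(to);
    }
}
```

In a review, every externally callable path that reaches `_mint` should be traced back to a check like the one in `RestrictedMintNFT.mint`.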
During the smart contract audit of an NFT project, auditors test the code for flaws such as denial of service attacks, gas limit issues, reentrancy attacks, insecure random number generation, overflows and underflows, etc. Each identified vulnerability is assigned a severity level so that the project knows which issues to fix immediately.
A smart contract audit allows a project to identify any features in the code that could enable manipulations resulting in reputational damage or loss of assets. An audit may also help the code work more efficiently, allowing the project to demonstrate higher performance.