Lines of code
<https://github.com/code-423n4/2022-02-foundation/blob/4d8c8931baffae31c7506872bf1100e1598f2754/contracts/mixins/NFTMarketFees.sol#L188&gt;

Vulnerability details

Impact

A primary seller can circumvent the 15% fee and pay 5% as a secondary seller.

Context

The foundation protocol charges a 15% fee if the sale is a primary sale and 5% if it’s a secondary sale.
<https://github.com/code-423n4/2022-02-foundation/blob/4d8c8931baffae31c7506872bf1100e1598f2754/contracts/mixins/NFTMarketFees.sol#L40&gt;

There are 2 conditions that must be met for a sale to be considered primary:

1. The seller is one of the creators in the NFT metadata.
2. It’s the first time this NFT is sold on the foundation protocol.

<https://github.com/code-423n4/2022-02-foundation/blob/4d8c8931baffae31c7506872bf1100e1598f2754/contracts/mixins/NFTMarketFees.sol#L188&gt;

Proof of Concept

Both of these conditions can be easily circumvented by the primary seller.

1. He could transfer the NFT to a different wallet and sell it from there to break the first condition.

2. He can make a private sale to himself for 1$ (paying the 15% fee on a dust amount) and then do a public auction with the real price.

With any of these 2 methods, the primary seller can circumvent the 15% fee and pay 5% as a secondary seller which makes the primary seller fee optional to pay.

The text was updated successfully, but these errors were encountered:

All reactions