2 matches found
If treeAdder call addMerkleTree() of MerkleIdentity with wrong values for eligibilityIndex or priceIndex (uninitialized) attacker can steal NFTs
Lines of code Vulnerability details Impact If treeAdder call addMerkleTree of MerkleIdentity with wrong values for eligibilityIndex or priceIndex uninitialized gates index attacker can create those gate indexes in priceGateAddress or eligibilityAddress they are permission less with his own specif...
if user call addMerkleTree() of MerkleIdentity with priceIndex==0 by mistake or other uninitialized gates, then attacker can steal all the NFTs with 0 payment
Lines of code Vulnerability details Impact If treeAdder calls addMerkleTree with priceIndex==0 by mistake, then attackers can buy NFT's with price of 0 because gate Indexs in FixedPricePassThruGate or SpeedBumpPriceGate start from 1 and gates0 will be uninitialized and getCost0 will return 0. Thi...