4 matches found
Minter and position privileges allow unrestricted minting and burning of arbitrary tokens
Lines of code Vulnerability details Any registered minter and a position belonging to him have absolute control of minting and burning tokens on all accounts. Impact New minting mechanisms are subject to governance approval i.e. can be veto’ed. These, however, will be arbitrary contracts with...
A user can override a namespace created by another user, using the same name
Lines of code Vulnerability details Impact Let's say: Julian, and Juliet minted separate trays of characters in the Tray contract Julian approves Alice to mint a Namespace subprotocol NFT with the name Ali😀 Juliet also approves Alite to mint a Namespace subprotocol NFT with the name Ali😀 If a...
Upgraded Q -> M from #323 [1668467355303]
Judge has assessed an item in Issue 323 as M risk. The relevant finding follows: L00: beforeTokenTransfer function called with wrong params in LBToken Line 237 seems to be a copy pasta mistake from line 209 in LBToken.sol. On line 237 when burning tokens, to should be zero, and amount of from's...
Reentrancy Attack
openzeppelin-solidity is vulnerable to reentrancy attack. The vulnerability exists when a extend custom beforeTokenTransfer is invoked when burning tokens and before the send hook is externally called on the sender while token balances are adjusted after the process and this may cause the...