5 matches found
Malicious Basket Could Be Used To Rug Fractionalized Token Holders
Lines of code Vulnerability details Proof-of-Concept The NibblVaultFactory.createVault accepts any NFT address or any Basket address. Therefore, an attacker could pass a malicious basket address during vault creation. function createVault address assetAddress, address curator, string memory name,...
missed valid address check for assetAddress
Lines of code Vulnerability details Impact Malicious Actor can do DoS using Reentrance using createVault and can create vault without depositing any asset Proof of Concept pragma solidity ^0.8.10; import "./NibblVaultFactory.sol"; contract ERC721Attack address curator =...
TokenType mismatch with true type can be exploited to steal funds
Lines of code Vulnerability details A vault can be created for different TokenTypes, namely ERC20 and ERC721. These tokens have different logic, so a user needs to pass the type of the underlying token when creating a vault. At the end of createVault the user's tokens are pulled into the contract...
no-revert-on-transfer ERC20 tokens can be drained
Lines of code Vulnerability details Impact Some ERC20 tokens don't throw but just return false when a transfer fails. This can be abused to trick the createVault function to initialize the vault without providing any tokens. A good example of such a token is ZRX: Etherscan code When such a vault ...
A malicious user can create a vault that is actually empty
Lines of code Vulnerability details description A malicious user can call the createVault function to create a vault with an ERC20 token that returns false rather than revert on failed transfer. By specifying the tokenType parameter to be ERC721 the transferFrom function will be called rather tha...