Lucene search
K

8 matches found

Code423n4
Code423n4
added 2023/11/13 12:0 a.m.13 views

RandomizerNXT allows randomness re-rolling and also front-running.

Lines of code Vulnerability details Description When a collection uses RandomizerNXT as the randomizer, the process of minting and setting the token hash happens in the same transaction and block, which allows two attacks. First, a user can see the randomness outcome in mempool and front-run his...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/07/14 12:0 a.m.11 views

LSP8CompatibleERC721's approve() deviates from ERC-721 specification

Lines of code Vulnerability details Bug Description The LSP8CompatibleERC721 contract is a wrapper around LSP8 that is meant to function similarly to ERC-721 tokens. One of its implemented functions is ERC-721's approve: LSP8CompatibleERC721.solL155-L158 function approveaddress operator, uint256...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/13 12:0 a.m.13 views

Lack of Access Control in withdrawTokens Function Allows Unauthorized Token Withdrawal

Lines of code Vulnerability details Impact withdrawTokens function lacks proper access control, enabling an attacker to exploit it and withdraw tokens from the escrow to an arbitrary address, since no access control check ensures that only the DAO contract can invoke this function, and as a resul...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/21 12:0 a.m.15 views

Malicious user able to start auction to any NFT

Lines of code Vulnerability details Impact Any address can start an auction for an NFT, regardless of whether they are the actual owner of the NFT. This vulnerability could allow an attacker to start auctions for NFTs that they do not own, potentially leading to financial losses for the true owne...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/07/14 12:0 a.m.8 views

Assets can be transferred to zero address on operational mistake

Lines of code Vulnerability details It is possible to withdraw all the assets after Buyout before settleVault was run and newVault created as asset transfer functions do not check the address. Proof of Concept /// @notice Migrates an ERC-20 token to the new vault after a successful migration ///...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/05/01 12:0 a.m.7 views

Possible to steal collateral during a reentrant collateral transfer

Lines of code Vulnerability details Impact In NFTPair.sol218 an ERC-721 transfer occurs. Anyone who gains execution during this transfer after the owner of the token is changed can steal the token transferred. Note that it will be applicable only if !skim. Since the exploit makes assumptions abou...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2021/04/30 12:0 a.m.6 views

ERC-721 Enumerable Spec mismatch for index of tokenByIndex() function

Handle 0xRajeev Vulnerability details Impact Index starts at 0 for token array but the implementation here requires index to be greater than 0. This will prevent querying of token at index 0. See reference implementation This will impact compatibility with NFT platforms that expect full conformit...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/04/30 12:0 a.m.10 views

ERC-721 Enumerable Spec mismatch for return value of tokenByIndex() function

Handle 0xRajeev Vulnerability details Impact tokenByIndex is required to return the token at queried index but the implementation here returns the parameter index itself. This will prevent all querying of tokens. See reference implementation This will impact compatibility with NFT platforms that...

7AI score
Exploits0
Rows per page
Query Builder