8 matches found
RandomizerNXT allows randomness re-rolling and also front-running.
Lines of code Vulnerability details Description When a collection uses RandomizerNXT as the randomizer, the process of minting and setting the token hash happens in the same transaction and block, which allows two attacks. First, a user can see the randomness outcome in mempool and front-run his...
LSP8CompatibleERC721's approve() deviates from ERC-721 specification
Lines of code Vulnerability details Bug Description The LSP8CompatibleERC721 contract is a wrapper around LSP8 that is meant to function similarly to ERC-721 tokens. One of its implemented functions is ERC-721's approve: LSP8CompatibleERC721.solL155-L158 function approveaddress operator, uint256...
Lack of Access Control in withdrawTokens Function Allows Unauthorized Token Withdrawal
Lines of code Vulnerability details Impact withdrawTokens function lacks proper access control, enabling an attacker to exploit it and withdraw tokens from the escrow to an arbitrary address, since no access control check ensures that only the DAO contract can invoke this function, and as a resul...
Malicious user able to start auction to any NFT
Lines of code Vulnerability details Impact Any address can start an auction for an NFT, regardless of whether they are the actual owner of the NFT. This vulnerability could allow an attacker to start auctions for NFTs that they do not own, potentially leading to financial losses for the true owne...
Assets can be transferred to zero address on operational mistake
Lines of code Vulnerability details It is possible to withdraw all the assets after Buyout before settleVault was run and newVault created as asset transfer functions do not check the address. Proof of Concept /// @notice Migrates an ERC-20 token to the new vault after a successful migration ///...
Possible to steal collateral during a reentrant collateral transfer
Lines of code Vulnerability details Impact In NFTPair.sol218 an ERC-721 transfer occurs. Anyone who gains execution during this transfer after the owner of the token is changed can steal the token transferred. Note that it will be applicable only if !skim. Since the exploit makes assumptions abou...
ERC-721 Enumerable Spec mismatch for index of tokenByIndex() function
Handle 0xRajeev Vulnerability details Impact Index starts at 0 for token array but the implementation here requires index to be greater than 0. This will prevent querying of token at index 0. See reference implementation This will impact compatibility with NFT platforms that expect full conformit...
ERC-721 Enumerable Spec mismatch for return value of tokenByIndex() function
Handle 0xRajeev Vulnerability details Impact tokenByIndex is required to return the token at queried index but the implementation here returns the parameter index itself. This will prevent all querying of tokens. See reference implementation This will impact compatibility with NFT platforms that...