4 matches found
Reliance on ERC20Upgradable.decimals() will always return 18 despite actual token decimals
Lines of code Vulnerability details Impact A call to ERC20UpgradeabletokenIn.decimals is used in the getAmountOut function of KnightingRound.sol to determine how much citadel to provide to the user for the given amount of tokenIn. The issue with using ERC20Upgradeable.decimals is that it always...
Marketplace Zap mints can be denied
Handle cmichel Vulnerability details The NFTXMarketPlaceZap.mint721 function verifies if the contract indeed received the expected amount of vault tokens of balance = count BASE - count INFTXVaultvault.mintFee by checking: function mint721 uint256 vaultId, uint256 memory ids internal returns...
Staking Zap add liquidity can be denied
Handle cmichel Vulnerability details The NFTXStakingZap.addLiquidity721WETH function verifies if the contract indeed received the expected amount of vault tokens of balance = count BASE by checking: function addLiquidity721WETH uint256 vaultId, uint256 memory ids, uint256 minWethIn, uint256 wethI...
Reentrancy vulnerability in Basket contract's initialize() method.
Handle broccolirob Vulnerability details A malicious "publisher" can create a basket proposal that mixes real ERC20 tokens with a malicious ERC20 token containing a reentrancy callback in it's approve method. When the initialize method is called on the newly cloned Basket contract, a method calle...