
156 matches found

Code423n4
added 2023/12/20 12:0 a.m., 14 views

_safeMint() should be used rather than _mint() wherever possible

Lines of code 139, 178, 204 Vulnerability details mint is discouraged in favor of safeMint which ensures that the recipient is either an EOA or implements IERC721Receiver. Both OpenZeppelin and solmate have versions of this function. In the cases below, mint does not call...

AI score: 7.1
Exploits: 0

Code423n4
added 2023/12/20 12:0 a.m., 8 views

_safeMint() should be used rather than _mint() wherever possible

Lines of code 139, 178, 204 Vulnerability details mint is discouraged in favor of safeMint which ensures that the recipient is either an EOA or implements IERC721Receiver. Both OpenZeppelin and solmate have versions of this function. In the cases below, mint does not call...

AI score: 7.1
Exploits: 0

Code423n4
added 2023/12/12 12:0 a.m., 4 views

_safeMint() should be used rather than _mint() wherever possible

Lines of code 139, 178, 204 Vulnerability details mint is discouraged in favor of safeMint which ensures that the recipient is either an EOA or implements IERC721Receiver. Both OpenZeppelin and solmate have versions of this function. In the cases below, mint does not call...

AI score: 7.1
Exploits: 0

Code423n4
added 2023/12/08 12:0 a.m., 9 views

ERC721 and ERC1155 Reentrancy Guard is Incomplete and Wrongly Implemented

Lines of code Vulnerability details Impact Whether there is a ERC721 and ERC1155 Interaction clash or not, or if there is an inadequate transfer callback, all this would not matter as reversion would not occur due to absence of proper validation during wrap of ERC721 and ERC1155 in the Ocean.sol...

AI score: 7.2
Exploits: 0

Code423n4
added 2023/12/01 12:0 a.m., 19 views

_safeMint() should be used rather than _mint() wherever possible

Lines of code 139, 178, 204 Vulnerability details mint is discouraged in favor of safeMint which ensures that the recipient is either an EOA or implements IERC721Receiver. Both OpenZeppelin and solmate have versions of this function. In the cases below, mint does not call...

AI score: 7.1
Exploits: 0

Code423n4
added 2023/11/29 12:0 a.m., 11 views

_safeMint() should be used rather than _mint() wherever possible

Lines of code 139, 178, 204 Vulnerability details Impact mint is discouraged in favor of safeMint which ensures that the recipient is either an EOA or implements IERC721Receiver. Both OpenZeppelin and solmate have versions of this function. In the cases below, mint does not call...

AI score: 7.1
Exploits: 0

Code423n4
added 2023/11/13 12:0 a.m., 5 views

Last token of maximum supply can be paid, but it isn't minted nor reverted.

Lines of code Vulnerability details Description collectionCirculationSupply is incremented in each mint and it's used to check if the mint don't overtakes the collection's max supply. However, it increments before the check, which makes that although last token is in the max supply range, the...

AI score: 7.1
Exploits: 0

Code423n4
added 2023/11/13 12:0 a.m., 7 views

Minting nft with Index 0 is not allowed

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The constructor of the NextGenCore.sol contract includes an increment operation for the newCollectionIndex variable, ensuring that the newCollectionIndex start from 1. While adding or modifying addition...

AI score: 7.3
Exploits: 0

Code423n4
added 2023/11/13 12:0 a.m., 11 views

Multiple instances of reentrancy

Lines of code Vulnerability details Impact This can lead to massive loss of funds and asset in Nextgen. Proof of Concept There are multiple instances of reentrancy in NextGenCore.sol, MinterContract.sol and AuctionMemo.sol. These reentrancy is due to the use of ERC721 safeMint... for token transf...

AI score: 7.1
Exploits: 0

Code423n4
added 2023/11/03 12:0 a.m., 11 views

Upgraded Q -> 2 from #246 [1699029732469]

Judge has assessed an item in Issue 246 as 2 risk. The relevant finding follows: L-03 The tokenURI is not compatible with the ERC721 standard Description function tokenURIuint256 safeId public view override returns string memory uri uri = nftRenderer.rendersafeId; tokenURI will call nftRenderer...

AI score: 7
Exploits: 0

Code423n4
added 2023/10/25 12:0 a.m., 6 views

Since the build function in 'Vault721' allows anyone to deploy a new ODProxy for any user without proper checks, it creates a potential exploit.

Lines of code Vulnerability details Impact The ability to freely deploy ODProxy contracts through the Vault721 contract's build function represents a significant security vulnerability. Exploitation of this vulnerability could lead to: Unauthorized Actions: Malicious actors could deploy proxies f...

AI score: 6.8
Exploits: 0

Code423n4
added 2023/09/11 12:0 a.m., 6 views

flashloan() allows both owner and approver to call

Lines of code Vulnerability details Impact Allowing the borrower to borrow more than the current limit Proof of Concept As we can see ,flashloan uses StorageHelpers.revertNotOperator to check if the msg.sender has permissions to call. function flashloanStructs.FlashInfo calldata info external...

AI score: 6.8
Exploits: 0

Code423n4
added 2023/09/11 12:0 a.m., 4 views

CreateOffererLib#createOrderHash function can be front-run by attacker and cause user create order failed

Lines of code Vulnerability details Impact Function CreateOffererLibcalculateOrderHashAndId is used to calculate ERC20/ERC721/ERC1155 order hash and delegateTokenId. It create delegateTokenId parameter by calling DelegateTokenStorageHelpersdelegateIdNoRevert function, this function calculate...

AI score: 7.1
Exploits: 0

Code423n4
added 2023/09/11 12:0 a.m., 8 views

The validateCreateOrderHash function is vulnerable to an incorrect token type being provided by the caller

Lines of code Vulnerability details Impact Invalid token types could be used with encoded order info, breaking expectations of the contract. An attacker could create an order hash using different parameters than what is actually encoded in the orderInfo. This could potentially allow the attacker ...

AI score: 6.8
Exploits: 0

Code423n4
added 2023/09/11 12:0 a.m., 4 views

Unchecked token transfer

Lines of code Vulnerability details Impact Unchecked token transfer Proof of Concept Since the contract will work with many different ERC721 tokens, and not all of them are based, for instance, on the OZ ERC721 token contract. And some tokens can return False instead of reverting a transaction in...

AI score: 6.9
Exploits: 0

Code423n4
added 2023/09/07 12:0 a.m., 6 views

Low level calls to accounts with no code will succeed in multiexcall function

Lines of code Vulnerability details Impact Low level calls behave differently than function calls in Solidity. Calls at the EVM level to accounts with no code are successful, this is the expected and normal behavior. It is Solidity that adds checks to prevent accidental calls to accounts with no...

AI score: 7.2
Exploits: 0

Code423n4
added 2023/09/06 12:0 a.m., 14 views

ERC721 tokens are blocked in rdpxV2Core contract

Lines of code Vulnerability details The admin has the right to recover an ERC721 token in the UniV3LiquidityAMO contract. He needs to call recoverERC721 and provide the tokenAddress and tokenid values, where the token with tokenid will be transferred to the rdpxV2Core contract...

AI score: 7.1
Exploits: 0

Code423n4
added 2023/07/31 12:0 a.m., 7 views

In LensBaseERC721.sol#_transfer() Lack of check from==to

Lines of code Vulnerability details Impact In LensBaseERC721.soltransfer balances of from and to are stored in temporary variables and after the subtration, addition operation the results are written to storage. In the second operation since the original balance is used in the addition operation,...

AI score: 6.8
Exploits: 0

Code423n4
added 2023/07/30 12:0 a.m., 5 views

Missing owner check on from when transferring tokens

Lines of code Vulnerability details Impact The LensBaseERC721.transferFrom/safeTransferFrom/burn they check approvals on msg.sender through isApprovedOrOwnermsg.sender, tokenId, it is never checked that the specified from parameter is actually the owner of the NFT. An attacker can decrease other...

AI score: 7
Exploits: 0

Code423n4
added 2023/07/10 12:0 a.m., 6 views

LSP8CompatibleERC721InitAbstract._checkOnERC721Received return value is incorrect

Lines of code Vulnerability details Impact Can be transferred to EOA through safeTransferFrom Proof of Concept problematic code call path safeTransferFrom-safeTransfer-checkOnERC721Received safeTransferFrom annotate / @inheritdoc ILSP8CompatibleERC721 @dev Compatible with ERC721 safeTransferFrom...

AI score: 6.9
Exploits: 0