Lucene search
K

8 matches found

Code423n4
Code423n4
added 2023/06/09 12:0 a.m.42 views

Attacker can steal CrossDomainMessenger and OptimismPortal token balances or tokens of anyone give approval for those contracts

Lines of code Vulnerability details Impact Contracts CrossDomainMessenger and OptimismPortal are part of the bridge protocol and they are responsible for sending messages between two network. they both call arbitrary address with arbitrary data that user specified and it would give attacker to...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.13 views

MintableIncentivizedERC721 incorrectly implements safe transfers

Lines of code Vulnerability details Impact MintableIncentivizedERC721 incorrectly implements safeTransfer and safeTransferFrom by simply replicating the unsafe transfer/transferFrom function. Raising as medium because as a consequence of this, these ERC721 tokens may end up locked in contracts th...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/10/21 12:0 a.m.9 views

Upgraded Q -> M from 207 [1666364300864]

Judge has assessed an item in Issue 207 as Medium risk. The relevant finding follows: L-03 Use safeTransferFrom for ERC721 tokens Description As OpenZeppelin recommends, the transferFrom function should not be used for transferring ERC721 NFT tokens and instead the safeTransferFrom function shoul...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/21 12:0 a.m.14 views

Upgraded Q -> M from 400 [1666366553858]

Judge has assessed an item in Issue 400 as Medium risk. The relevant finding follows: Use safeTransferFrom instead of transferFrom transferFrom can be replaced with safeTransferFrom as it makes sure that the receiver can handle ERC721 tokens and prevents it from being stuck in the contracts Refer...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/06/06 12:0 a.m.11 views

Upgraded Q -> M from 119 [1654475092615]

Judge has assessed an item in Issue 119 as Medium risk. The relevant finding follows: Checking whether the receiver is capable of holding ERC721 The contract usessafeTransfer for ERC20 but uses transferFrom for ERC721 in both exercise and withdraw which may lead to the loss of ERC721 if the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/04/07 12:0 a.m.8 views

Using transferFrom on ERC721 tokens transfer

Lines of code Vulnerability details Impact In the function closeLoan of contract NFTLoanFacilitator, collateral ERC721 token is sent to sendCollateralTo, the transferFrom keyword is used instead of safeTransferFrom. If any sendCollateralTo is a contract and is not aware of incoming ERC721 tokens,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/05 12:0 a.m.6 views

use of transferFrom

Lines of code Vulnerability details Impact NFTLoanFaciltator.closeLoan function uses transferFrom to transfer the collateral to "sendCollateralTo" address and if the contract and is not aware of incoming ERC721 tokens, the sent tokens could be locked forever Proof of Concept Tools Used Manual...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/06/24 12:0 a.m.11 views

Using transferFrom on ERC721 tokens

Handle shw Vulnerability details Impact In the function awardExternalERC721 of contract PrizePool, when awarding external ERC721 tokens to the winners, the transferFrom keyword is used instead of safeTransferFrom. If any winner is a contract and is not aware of incoming ERC721 tokens, the sent...

6.9AI score
Exploits0
Rows per page
Query Builder