2 matches found
Compromised admin can instantly take all NFTs held in NToken contracts
Lines of code Vulnerability details Description executeAirdrop is a function admin may call in order to collect airdrops for NFTs held in ParaSpace's nToken contract. function executeAirdrop address airdropContract, bytes calldata airdropParams external override onlyPoolAdmin require...
PoolAdmin can steal NFT from NTokens
Lines of code Vulnerability details Impact The executeAirdrop function allow pool admin to execute arbitrary call to arbitrary contract, including a transferFrom call to the underlying NFT contract. This can be used by the pool admin to steal NFT inside the NToken contracts. Since the rescueERC72...