2 matches found
MarketFees's treasury can have potentially a malicious admin
Lines of code Vulnerability details Impact / Proof of Concept In contracts/FoundationTreasury.sol, an attacker can frontrun a call to initialize to register as an admin. If the address of this treasury is shared or is already shared with NFTDropMarket's constructor line 83, then on line 87,...
Foundation Treasury initialize() function can be called by an attacker first
Lines of code Vulnerability details Impact In FoundationTreasury.sol the initialize function can only be called once setting the admin and operator roles which are used in other contracts. The problem is that this initialize function is not called in any deployment script which means an attacker...