Mitigation of H-02: See comments

Lines of code Vulnerability details The PR applies the recommended mitigation from the finding, but doesn't take into account the rounding issue identified in M-09 Impact If the price the NFT is bought for is not an exact multiple of the filledQuantities, there will be a loss of precision, and...

Mitigation of M-01: Issue not mitigated

Lines of code Vulnerability details Mitigation of M-01: Issue not mitigated --- The text was updated successfully, but these errors were encountered: All reactions...

Mitigation of M-03: See comments

Lines of code Vulnerability details The PR does not follow the recommended mitigation from the finding, and instead still allows under-priced bids to be added if the total value being added is at least a multiple of the minimum reserve price. Impact If, for example, the reserve price is 10 Eth,...

Only one GroupBuy can ever use USDT or similar tokens with front-running approval protections

Lines of code Vulnerability details The issue that is described in code-423n4/2022-12-tessera-findings37 was not mitigated and still applies like it is described there. --- The text was updated successfully, but these errors were encountered: All reactions...

GroupBuy may purchase NFT not in the allowed list

Lines of code Vulnerability details The issue that is described in code-423n4/2022-12-tessera-findings14 was not mitigated and still applies like it is described there. --- The text was updated successfully, but these errors were encountered: All reactions...

When user of GroupBuy is a contract, refunds will be permanently frozen.

Lines of code Vulnerability details Description claim function is used in GroupBuy to mint Raes proportional to user's contribution to the purchased NFT. withdrawBalance is used to get back funds which are not part of the contribution. They both contain an unsafe call with ETH. For example:...

GroupBuy can be drained of all ETH.

Lines of code Vulnerability details Description purchase in GroupBuy faciilitates the purchasing of an NFT after enough contributions were gathered. Another report titled "Attacker can steal the amount collected so far in the GroupBuy for NFT purchase" describes a high impact bug in purchase. It ...

contribute() locks too much ETH from the user

Lines of code Vulnerability details Impact In the contribute function of the GroupBuy contract, even if the filledQuantity is less than quantity, all the ETH provided by the user is locked in the contract, and the user can only call claim to get it back after purchasing NFT or Pool expires, which...

Anyone can use funds in GroupBuy.sol to buy the NFTs for themselves

Lines of code Vulnerability details The GroupBuy contract allows users to pool their funds in order to buy specific NFTs once enough funds have been raised. The purchace function does not do any caller authorization and allows the caller to pass in an arbitrary address for executing the buy. The...

Earlier bidders get cut out of future NFT holdings by bidders specifying the same price.

Lines of code LOC: Vulnerability details Description In GroupBuy module, users can call contribute to get a piece of the NFT pie. There are two stages in transforming the msg.value to holdings in the NFT. 1. filling at any pricesupply is not yet saturated uint256 fillAtAnyPriceQuantity =...

Attacker can make group pay for tokenID that is not intended.

Lines of code Vulnerability details Description purchase in GroupBuy.sol executes the purchase call for the group. There are two possibilities for which tokenIDs can be bought in GroupBuy: 1. If the group is for a specific NFT, the tokenID is the value in pool.merkleRoot variable. 2. If the group...

Groupbuy: Construction of merkle tree allows some unintended IDs to be bought

Lines of code Vulnerability details Impact In GroupBuy.purchase, when no proof is provided, it is required that the provided token ID is equal to the stored merkleRoot: if purchaseProof.length == 0 // Hashes tokenId to verify merkle root if proof is empty if bytes32tokenId != merkleRoot revert...

Groupbuy: _verifyUnsuccessfulState and _verifySuccessfulState both can return true when block.timestamp == pool.terminationPeriod

Lines of code Vulnerability details Impact The functions verifyUnsuccessfulState and verifySuccessfulState should always have a differing behavior with regards to reversion, i.e. when one does not revert, the other should revert. In one condition, this is not true. Namely, when we have pool.succe...

User can provide malicious _market in GroupBuy.purchase to steal funds or NFT

Lines of code Vulnerability details Impact The argument market of GroupBuy.purchase is not validated. The following call is directly performed on it: address vault = IMarketBuyermarket.executevalue: pricepurchaseOrder; Then, it is checked that the returned address owns the NFT: if...

Reentrancy in GroupBuy.purchase allows buying NFT twice

Lines of code Vulnerability details Impact In GroupBuy.purchase, poolInfopoolId.success which prevents buying the same NFT again is only set to true after the sale was executed. This can be exploited by reentering in the following line: address vault = IMarketBuyermarket.executevalue:...

GroupBuy may purchase NFT not in the allowed list

Lines of code Vulnerability details Impact When purchaseProof.length == 0, GroupBuy.purchase compare the tokenId with the merkleRoot. This allow any tokenId that match the merkleRoot to be purchased, even if they are not included in the allow list during setup. if purchaseProof.length == 0 //...

Joomla! JEXTN Groupbuy 4.0.0 Cross Site Scripting

Title: Joomla! JEXTN Groupbuy 4.0.0 - XSS Credit: Bilal KARDADOU Vendor: http://www.jextn.com URL: https://extensions.joomla.org/extensions/extension/social-web/social-buy/jextn-groupbuy/ Product: 'Joomla! JEXTN Groupbuy 4.0.0' Developer: jextn.com Last updated: Jan 04 2016 Compatibility: 3.X Typ...

Ecmall 2.x 多处安全漏洞汇总

简要描述： 一处通杀注入，同文件多处鸡肋注入，一处本地包含。累了不看了，体力活。。。 详细说明： 通杀注入:http://localhost/ecmall/index.php?app=mygoods&act=brandlist&order=asc&sort=1 and select username from ecmmember where userid=1 union select 1 from select count,concatfloorrand02,select concatusername,password from ecmmember limit 0,1a from...

ECMall 2.2 app/groupbuy.app.php delay injection vulnerability-vulnerability warning-the black bar safety net

ECMall community e-Commerce systemreferred to as ECMallis Shanghai commercial school network Technology Co., Ltd. following the ECShop after the launch of yet another e-Commerce sister product app\groupbuy. app. php:2 6: function index $id = empty$GET'id' ? 0 : $GET'id'; //id not filtered if !$ i...