2 matches found
MarketFees's treasury can have potentially a malicious admin
Lines of code Vulnerability details Impact / Proof of Concept In contracts/FoundationTreasury.sol, an attacker can frontrun a call to initialize to register as an admin. If the address of this treasury is shared or is already shared with NFTDropMarket's constructor line 83, then on line 87,...
the 1st creator can get a little amount or 0 creatorShares
Lines of code Vulnerability details Impact On line 513 the MarkerFees.getFees function if there is more than one creatorRecipients it will loop through them and set there payment after that it will subtract creatorRev - totalRoyaltiesDistributed and set it to the the 1st creatorRecipients...