Lucene search
K

6 matches found

Code423n4
Code423n4
added 2022/12/19 12:0 a.m.13 views

Attacker can make group pay for tokenID that is not intended.

Lines of code Vulnerability details Description purchase in GroupBuy.sol executes the purchase call for the group. There are two possibilities for which tokenIDs can be bought in GroupBuy: 1. If the group is for a specific NFT, the tokenID is the value in pool.merkleRoot variable. 2. If the group...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/19 12:0 a.m.13 views

Invalid tokens can be added to the pair

Lines of code Vulnerability details Impact merkleRoot is a bytes32 and it is compared to bytes230 which makes it possible for a non-zero merkleRoot to be set in the constructor and yet still all tokens will be declared as valid Proof of Concept Tools Used Manual Audit Recommended Mitigation Steps...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/18 12:0 a.m.17 views

GroupBuy may purchase NFT not in the allowed list

Lines of code Vulnerability details Impact When purchaseProof.length == 0, GroupBuy.purchase compare the tokenId with the merkleRoot. This allow any tokenId that match the merkleRoot to be purchased, even if they are not included in the allow list during setup. if purchaseProof.length == 0 //...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/07/14 12:0 a.m.6 views

merkleRoot can be set by delegatecall(), violate setMerkelRoot()

Lines of code Vulnerability details Impact When delegatecall to target, the context is on Caller contract, all state change logics reflect on Caller’s storage. If the Vault contract calls the malicious contract by function execute,the important storage variable merkleRoot can be modified. Accordi...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/07/14 12:0 a.m.8 views

delegatecall() modify merkleRoot, vault may lose all

Lines of code Vulnerability details Impact If the vault contract delegatecall the malicious contract by execute,the important variable merkleRoot can be modified. If the merkleRoot is set well designed, the vault will lose all tokens. Because, there are two main requirements for function execute ...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/03/31 12:0 a.m.9 views

DoS: Attacker May Front-Run createSplit() With A merkleRoot Causing Future Transactions With The Same merkleRoot to Revert

Lines of code Vulnerability details Impact A merkleRoot may only be used once in createSplit since it is used as salt to the deployment of a SplitProxy. The result is an attacker may front-run any createSplit transaction in the mem pool and create another createSplit transaction with a higher gas...

6.7AI score
Exploits0
Rows per page
Query Builder