Lazarus Group Exploits Chrome 0-Day for Crypto with Fake NFT Game

North Korean hackers from Lazarus Group exploited a zero-day vulnerability in Google Chrome to target cryptocurrency investors with…...

All approved addresses can burn tokens

Lines of code Vulnerability details Impact The burn function calls isApprovedOrOwner to check if a caller is authorized to burn tokens. This means that any address that has been approved can burn a user's token. Reading the ERC721 documentation from OpenZeppelin makes it understood that the...