Lucene search
K

7 matches found

Code423n4
Code423n4
•added 2023/02/02 12:0 a.m.•14 views

An approved operator of a CID NFT owner can steall any subprotocol NFTs from the CID NFT Owner and his other approved operators.

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. An approved operator of a CID NFT owner, if becomes malicious or compromised, can steal any subprotocol NFTs from the CID NFT Owner and his other approved operators. This is possible because: after...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/12/21 12:0 a.m.•9 views

NFT owner only is allowed for liquidation, this may not work for all the cases, the debt can be insolvent

Lines of code Vulnerability details Impact When bad debt is not paid or not able to recover the through auction of NFT, then the debt will be insolvent. Proof of Concept Contract allows for liquidation to recover the debt. Also, it has the auctioning mechanism to recover the debt by selling the...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/12/16 12:0 a.m.•9 views

The raffle could be slightly unfair as the owner of NFT ID which is closer to drawingTokenStartId could have more chance to win

Lines of code Vulnerability details Impact The raffle could be slightly unfair as the owner of NFT ID which is closer to drawingTokenStartId could have more chance to win. Proof of Concept As written in , "We want to raffle away a single NFT token based off of another NFT collection or drawingTok...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/12/12 12:0 a.m.•13 views

Liquidity cannot be removed by an approved address via Router

Lines of code Vulnerability details Impact Using the Router, liquidity can only be removed by the owner of an NFT, which significantly limits liquidity management. The Pool contract, however, does allow approved addresses to remove liquidity. Proof of Concept The Router contract is a higher level...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/22 12:0 a.m.•11 views

NFT Owner can keep add new tiers to increase the NFT supply with no upper limit to dilute the redemption power of the NFT from old tiers

Lines of code Vulnerability details Impact Owern can adjust tiers, adding tiers with no restriction. function adjustTiersJB721TierParams calldata tiersToAdd, uint256 calldata tierIdsToRemove // Add the tiers. if numberOfTiersToAdd != 0 // Record the added tiers in the store. uint256 memory...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/02/28 12:0 a.m.•6 views

NFT owner can create multiple auctions

Lines of code Vulnerability details Impact NFT owner can permanently lock funds of bidders. Proof of concept Alice the attacker calls createReserveAuction, and creates one like normal. let this be auction id 1. Alice calls createReserveAuction again, before any user has placed a bid this is easy ...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/02/25 12:0 a.m.•8 views

NFT owner can change tokenURI

Lines of code Vulnerability details Impact In the ERC721OnChain implementation the token owner can set the token's URI using setTokenURI. Usually, this is token URI points to data defining the NFT attributes, images, etc.. It's usually set by the contract owner. A user that owns an NFT can just...

6.9AI score
Exploits0
Rows per page
Query Builder