Lucene search
K

7 matches found

Code423n4
Code423n4
•added 2023/07/31 12:0 a.m.•4 views

Cannot unfollow a profile without having access to the Follow NFT

Lines of code Vulnerability details Impact In scenarios where a user fails to unfollow a profile before selling his follow NFT, he could forever be unable to unfollow the profile. Proof of Concept A user could sell his follow NFT without unfollowing a profile. If the new owner of the follow NFT...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/11 12:0 a.m.•23 views

Using memory instead of storage in 'redeemPositions' will result in incorrect LP Balance

Lines of code Vulnerability details Impact This bug could lead to a situation where a user can 'redeem' their positions without the associated liquidity positions LPs being properly reset. This could result in the user being able to artificially inflate their LP balance, which could lead to...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/11/28 12:0 a.m.•9 views

Ownership NFT Can be Minted by Anyone

Lines of code Vulnerability details Impact In Turnstile.sol, register is a public function callable by anyone. Any msg.sender calling this function the first time is going to bypass the modifier onlyUnregistered. As long as a non-zero recipient has been inputted, a new NFT is going to be minted t...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/08/06 12:0 a.m.•16 views

Owner of project NFT has no purpose

Lines of code Vulnerability details Owner of project NFT has no purpose Impact Creating a new project mints a NFT to the sender builder. The builder of a project has special permissions and is required to perform various tasks. However, if the minted NFT is transferred to a different address, the...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/08/01 12:0 a.m.•10 views

The function _transferFrom doesn't work

Lines of code Vulnerability details In VoteEscrowDelegation.sol L242, the function removeDelegation is called externally with the syntax this., but that external call changes the msg.sender. So in the function removeDelegation, msg.sender will be the contract itself, not the user. But this functi...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/07/19 12:0 a.m.•20 views

When setSubnodeOwner transfers ownership of sub-domain the new owner can perform actions before fuses are burned

Lines of code Vulnerability details Impact Function NameWrapper.setSubnodeOwner can be used to transfer ownership of a sub-domain to a new owner and, at the same time, burn fuses. A possible use-case could be that a domain owner wants to transfer ownership of the sub-domain but burn fuses in orde...

7AI score
Exploits0
Code423n4
Code423n4
•added 2022/02/28 12:0 a.m.•12 views

_autoAcceptOffer doesn't check if caller of setBuyPrice owns the NFT

Lines of code Vulnerability details Impact An attacker can create an offer then auto accept that offer for an NFT they don't own. This can happen for any NFT that the contract is approved for, or any NFT left in escrow with no active limitations Proof of concept Alice has an NFT that they either...

6.9AI score
Exploits0
Rows per page
Query Builder