7 matches found
Attacker can steal the amount collected so far in the GroupBuy for NFT purchase.
Lines of code Vulnerability details Description purchase in GroupBuy.sol executes the purchase call for the group. After safety checks, the NFT is bought with market's execute function. Supposedly it deploys a vault which owns the NFT. The code makes sure the vault is the new owner of the NFT and...
Attacker can make group pay for tokenID that is not intended.
Lines of code Vulnerability details Description purchase in GroupBuy.sol executes the purchase call for the group. There are two possibilities for which tokenIDs can be bought in GroupBuy: 1. If the group is for a specific NFT, the tokenID is the value in pool.merkleRoot variable. 2. If the group...
GroupBuy can be drained of all ETH.
Lines of code Vulnerability details Description purchase in GroupBuy faciilitates the purchasing of an NFT after enough contributions were gathered. Another report titled "Attacker can steal the amount collected so far in the GroupBuy for NFT purchase" describes a high impact bug in purchase. It ...
Users can lose funds if they call buy with _amount larger than type(uint48).max.
Lines of code Vulnerability details Impact The function buy take amount of type uint256 as input. amount is used to check if msg.value is correct depending on the sale price as follows: requireamount sale.price == msg.value, "WRONG PRICE"; but is not casted to uint48 as done to calculate the newI...
The attacker can steal the ETH of users that wanted to buy an NFT by sandwiching the victim transaction.
Lines of code Vulnerability details Impact The attacker can steal the ETH of users that wanted to buy an NFT by sandwiching the victim transaction. Proof of Concept In non-atomic some of the orders could fail and funds should return and the end of execute function - . But the returnETHIfAny...
Buyer can receive chargeback from fees.
Lines of code Vulnerability details Impact Since there is no check on who the fees.recipient is in the sell order, the buyer could be the fees recipient, with some additional signature malleability to pass the signature validation, the buyer would receive fees, thus pay less for the NFT. Proof of...
Early contributor can always become majority of crowdfund leading to rugging risks.
Lines of code Vulnerability details Description Voting power is distributed to crowdfund contributors according to the amount contributed divided by NFT purchase price. Attacker can call the buy function of BuyCrowdfund / CollectionBuyCrowdfund, and use only the first X amount of contribution fro...