3 matches found
Exploring the Vulnerabilities of Seaport: A Technical Analysis of a Fake Signature Attack on Non-Fungible Tokens
Lines of code Vulnerability details Impact This finding aims to provide a comprehensive analysis of the sc4m trend, which emerged in August 2022, and has since been a prevalent issue in the WEB3 space. Despite efforts to combat this phenomenon, bad actors continue to engage in illicit activities,...
The NFT can be transferred to the owner immediately after startDraw()
Lines of code Vulnerability details lastResortTimelockOwnerClaimNFT as the name says is used in case the winning user doesn't retrieve the won NFT token and in such case the owner can rescue the NFT from the contract. The mentioned function can be only called after a certain period is passed: if...
getRandomTokenIdFromFund not really random
Handle gpersoon Vulnerability details Impact The function getRandomTokenIdFromFund of NFTXVaultUpgradeable.sol is not really random, as noted in the name of the function getPseudoRand. The value of the blockhashblock.number - 1 is fully determined for al the transactions in the same block. The...