Lucene search
+L

16 matches found

ossf
ossf
added 2025/02/03 9:1 a.m.4 views

Malicious code in nft-transfer-transformer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90b61c51743bbb7e45afbab35984b72d25a2743ce9b95ce35a49bf6637a29bca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
ossf
ossf
added 2025/02/03 9:1 a.m.2 views

Malicious code in nft-transfer-transforme (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a09653a1d426cf6f90d650d5969507f62361acd5a0358bc0fa0dc59045a160cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
osv
osv
added 2025/02/03 9:1 a.m.2 views

MAL-2025-1155 Malicious code in nft-transfer-transformer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90b61c51743bbb7e45afbab35984b72d25a2743ce9b95ce35a49bf6637a29bca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
osv
osv
added 2025/02/03 9:1 a.m.6 views

MAL-2025-1154 Malicious code in nft-transfer-transforme (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a09653a1d426cf6f90d650d5969507f62361acd5a0358bc0fa0dc59045a160cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
code423n4
code423n4
added 2023/12/12 12:0 a.m.7 views

Use of transferFrom() rather than safeTransferFrom() for NFTs in will lead to the loss of NFTs

Lines of code 230, 342, 514, 536 Vulnerability details The EIP-721 standard says the following about transferFrom: /// @notice Transfer ownership of an NFT -- THE CALLER IS RESPONSIBLE /// TO CONFIRM THAT to IS CAPABLE OF RECEIVING NFTS OR ELSE /// THEY MAY BE PERMANENTLY LOST /// @dev Throws...

6.9AI score
Exploits0
code423n4
code423n4
added 2023/06/02 12:0 a.m.11 views

withdrawNftWithInterest() possible take away other Lien's NFT

Lines of code Vulnerability details Impact Possible take away other Lien's NFT Proof of Concept withdrawNftWithInterest Used to retrieve NFT The only current restriction is that if you can transfer out of NFT, it means an inactive loan function withdrawNftWithInterestLien calldata lien, uint256...

6.7AI score
Exploits0
code423n4
code423n4
added 2023/01/30 12:0 a.m.10 views

claim can run out of gas

Lines of code Vulnerability details Impact If the claim function runs out of gas, the caller can never claim any rewards without transferring the nfts to another address first Proof of Concept Currently, the claim function loops over the msg.senders NFT's. If this list ever becomes too large, the...

6.9AI score
Exploits0
code423n4
code423n4
added 2022/12/16 12:0 a.m.10 views

The NFT can be transferred to the owner immediately after startDraw()

Lines of code Vulnerability details lastResortTimelockOwnerClaimNFT as the name says is used in case the winning user doesn't retrieve the won NFT token and in such case the owner can rescue the NFT from the contract. The mentioned function can be only called after a certain period is passed: if...

6.7AI score
Exploits0
code423n4
code423n4
added 2022/10/10 12:0 a.m.13 views

_executeTokenTransfer() can silently fail for malicious ERC721 implementations.

Lines of code Vulnerability details Impact execute calls executeTokenTransfer to perform the NFT transfer from seller to buyer. The function assumes correct safeTransferFrom functionality and does not check balances. In case of malicious - or poorly designed pausable ERC721 implementations, this...

6.7AI score
Exploits0
code423n4
code423n4
added 2022/09/15 12:0 a.m.12 views

NFT could be locked in settlement

Lines of code Vulnerability details Impact transferFrom is used to transfer NFT in settlement. If the receiver is a contract without appropriate way to handle the NFT, the NFT might be locked in there and non retrievable. Proof of Concept There is no check if the receiver can deal with NFT if it ...

6.8AI score
Exploits0
cnnvd
cnnvd
added 2022/09/06 12:0 a.m.6 views

Elrond go 输入验证错误漏洞

Elrond go is an open source go implementation of the Elrond Network protocol by Elrond Network. An input validation error vulnerability exists in Elrond go versions prior to 1.3.34, which stems from a missing function name in MultiESDTNFTTransfer...

7.5CVSS7.2AI score0.00988EPSS
Exploits1References4
code423n4
code423n4
added 2022/08/01 12:0 a.m.6 views

User is unable to remove delegation and transfer NFT

Lines of code Vulnerability details Impact The transferFrom in VoteEscrowDelegation.sol should be change to an external function. Currently, the function is unable to be called by any user since it is an internal function and there's no call to the function from another Golom contract. With above...

6.8AI score
Exploits0
code423n4
code423n4
added 2022/06/19 12:0 a.m.7 views

_transferNFTs can end up transferring nothing

Lines of code Vulnerability details Malicious maker can list an NFT that conforms to ERC-165, but reports that it's neither ERC721, nor ERC1155, i.e. both supportsInterface0x80ac58cd and supportsInterface0xd9b67a26 are false. In all other regards it can be fully valid NFT, for example having...

6.8AI score
Exploits0
code423n4
code423n4
added 2022/06/19 12:0 a.m.15 views

Maker buy order with no specified NFT tokenIds may get fulfilled in matchOneToManyOrders without receiving any NFT

Lines of code Vulnerability details The call stack: matchOneToManyOrders - matchOneMakerSellToManyMakerBuys - execMatchOneMakerSellToManyMakerBuys - execMatchOneToManyOrders - transferMultipleNFTs Based on the context, a maker buy order can set OrderItem.tokens as an empty array to indicate that...

6.6AI score
Exploits0
code423n4
code423n4
added 2022/02/14 12:0 a.m.9 views

Approvals not cleared when transferring profile

Lines of code Vulnerability details Impact The ApprovalFollowModule.approve function is indexed by both owner = IERC721HUB.ownerOfprofileId, profileId in case the profileId NFT is transferred. However, upon transfer, the old approvals are not cleared. This can lead to similar issues as OpenSea no...

6.9AI score
Exploits0
code423n4
code423n4
added 2021/05/19 12:0 a.m.6 views

NFT transfer approvals are not removed and cannot be revoked thus leading to loss of NFT tokens

Handle 0xRajeev Vulnerability details Impact NFT transfer approvals that are set to true in approveTransferERC721 are never set to false and there is no way to remove such an nft approval. Impact-1: The approval is not removed set to false after a transfer in transferERC721. So if the NFT is ever...

6.8AI score
Exploits0
Rows per page
Query Builder