5 matches found
Risk of accidental DoS while receiving NFTs from marketplaces
Lines of code Vulnerability details Risk of accidental DoS while receiving NFTs from marketplaces The implementation of onERC721Received can lead to an accidental denial of service. Impact The Particle protocol supports creating liens by pushing the NFT instead of the usual pull approach. This is...
Improper access control
Access control vulnerability in Evoh NFT EvohClaimable contract with sha256 hash code fa2084d5abca91a62ed1d2f1cad3ec318e6a9a2d7f1510a00d898737b05f48ae allows remote attackers to execute fraudulent NFT transfers...
CVE-2022-35621
Access control vulnerability in Evoh NFT EvohClaimable contract with sha256 hash code fa2084d5abca91a62ed1d2f1cad3ec318e6a9a2d7f1510a00d898737b05f48ae allows remote attackers to execute fraudulent NFT transfers...
[NAZ-M3] Use safeTransferFrom() instead of transferFrom() for ERC721 transfers
Lines of code Vulnerability details Impact The transferFrom method is used instead of safeTransferFrom, presumably to save gas. I however argue that this isn’t recommended because: OpenZeppelin’s documentation discourages the use of transferFrom, use safeTransferFrom whenever possible. Given that...
Approval for NFT transfers is not removed after transfer
Handle cmichel Vulnerability details Vulnerability Details The Visor.transferERC721 does not reset the approval for the NFT. Impact An approved delegatee can move the NFT out of the contract once. It could be moved to a market and bought by someone else who then deposits it again to the same vaul...