4 matches found
CVE-2022-35621
Access control vulnerability in Evoh NFT EvohClaimable contract with sha256 hash code fa2084d5abca91a62ed1d2f1cad3ec318e6a9a2d7f1510a00d898737b05f48ae allows remote attackers to execute fraudulent NFT transfers...
Anyone can burn/steal other users' wrapped follow NFTs
Lines of code Vulnerability details Impact Anyone can unwrap any follow NFT Attackers can steal follows by burning them Owners lose their follows without consent Proof of Concept The lack of ownership check in the unwrap function creates a vulnerability where anyone can unwrap and steal a follow...
Malicious user able to start auction to any NFT
Lines of code Vulnerability details Impact Any address can start an auction for an NFT, regardless of whether they are the actual owner of the NFT. This vulnerability could allow an attacker to start auctions for NFTs that they do not own, potentially leading to financial losses for the true owne...
Potential reentrancy in safeTransferFrom functions
Handle 0xRajeev Vulnerability details Impact Reentrancy possible from onERC721Received implementation of a malicious contract at to address. But it doesn’t look like this cannot be exploited here because there are no state effects after the external interaction i.e. CEI pattern holds. Consider...