2 matches found
No check for nftcollection address leads to the user's loss in NFTDropMarket
Lines of code Vulnerability details Impact There is no check for nftContract address in function createFixedPriceSale of NFTDropMarketFixedPriceSale.sol. The seller can deploy a malicious NFT collection contract, everything is very like the collection produced by NFTCollectionFactory except the...
MarketFees's treasury can have potentially a malicious admin
Lines of code Vulnerability details Impact / Proof of Concept In contracts/FoundationTreasury.sol, an attacker can frontrun a call to initialize to register as an admin. If the address of this treasury is shared or is already shared with NFTDropMarket's constructor line 83, then on line 87,...