Lucene search
K

15 matches found

Code423n4
Code423n4
added 2023/12/08 12:0 a.m.12 views

Usage of _safeMint in NextGenCore@_mintProcessing allows an attacker to reenter when onERC721Received is called

Lines of code Vulnerability details Impact An attacker can : Exceed the per address allowance in Fixed Price Sale, Exponential Descending Sale and Linear Descending Sale modes. Cause a loss for another user in Burn-to-Mint mode by accepting an offer when onERC721Received is triggered. Proof of...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/12/08 12:0 a.m.8 views

[H-02] The Ocean contract and the onERC721Received function is vulnerable to read-only re-entrancy

Lines of code Vulnerability details Impact The contract.function called Ocean.onERC721Received is vulnerable to read-only re-entrancy. The read-only re-entrancy is possible if the contract function is called externally from another contract. What follows are the functions that are traversed throu...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/08/07 12:0 a.m.7 views

TokenisableRange.sol does not have onERC721Received

Lines of code Vulnerability details Impact TokenisableRange.sol will be unable to mint Uniswap NFTs without a ERC721 Receiver. Proof of Concept TokenisableRange.sol intends to create liquidity NFTs using Uniswapv3 NonfungiblePositionManager. However, there is no callback to check onERC721Received...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/06/14 12:0 a.m.18 views

Using transferFrom on ERC721 tokens transfer

Lines of code Vulnerability details Impact The transferFrom method is used instead of safeTransferFrom which is not recommended. It can result in loss of NFT if the address is not able to handle the received NFT. OpenZeppelin’s documentation discourages the use of transferFrom, use safeTransferFr...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/21 12:0 a.m.8 views

Operator can buy papr with PaprController as the debtor.

Lines of code Vulnerability details Impact This requires that an NFT is in auction. When an operator calls purchaseLiquidationAuctionNFT the price variable is determined by a call to purchaseNFTAndUpdateVaultIfNeeded which calls purchaseNFT which calls safeTransferFrom on the auctionAssetContract...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/18 12:0 a.m.10 views

Reentrancy in GroupBuy.purchase allows buying NFT twice

Lines of code Vulnerability details Impact In GroupBuy.purchase, poolInfopoolId.success which prevents buying the same NFT again is only set to true after the sale was executed. This can be exploited by reentering in the following line: address vault = IMarketBuyermarket.executevalue:...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.8 views

Use safeTransferFrom instead of transferFrom for ERC721 transfers

Lines of code Vulnerability details Impact In the contract VRFNFTRandomDraw.sol every transfer of ERC721 are done with the transferFrom instead of the recommended safeTransferFrom. This transferFrom does not check whether the receiver is capable of proper handling of NFTs. Proof of Concept If the...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/21 12:0 a.m.13 views

Upgraded Q -> M from 463 [1666363539691]

Judge has assessed an item in Issue 463 as Medium risk. The relevant finding follows: Ignores return value of onERC721Received The try block should include a check to make sure the function returns its selector as specified by IERC721Receiver. While the function may have the same parameters as th...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/09/27 12:0 a.m.7 views

Use safeTransferFrom instead of transferFrom for ERC721 transfers

Lines of code Vulnerability details Impact Any NFTs can be transferred here, there are a few NFTs here’s an example that have logic in the onERC721Received function, which is only triggered in the safeTransferFrom function and not in transferFrom. Tools Used Solidity Visual Developer of VSCode...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/09/19 12:0 a.m.11 views

[NAZ-M3] Use safeTransferFrom() instead of transferFrom() for ERC721 transfers

Lines of code Vulnerability details Impact The transferFrom method is used instead of safeTransferFrom, presumably to save gas. I however argue that this isn’t recommended because: OpenZeppelin’s documentation discourages the use of transferFrom, use safeTransferFrom whenever possible. Given that...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/07/04 12:0 a.m.9 views

onERC721Received() could delegatecall to transder the tokens

Lines of code Vulnerability details onERC721Received could delegatecall to transder the tokens Impact Some onERC721Received could use delegatecall to drain the tokens Putty holds. Because the msg.sender is Putty contract, the tarnsfer can go through. Or taking the ownership of the Putty contract...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/07 12:0 a.m.10 views

Loan can not be repaid when the BorrowTicket's owner is a contract with no onERC721Received method

Lines of code Vulnerability details In repayAndCloseLoan, after the loan is repaid, the Collateral NFT will safeTransferFrom addressthis to the owner of the BorrowTicket NFT, which is the mintBorrowTicketTo used in createLoan, must implement the onERC721Received method for the safeTransferFrom to...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/07 12:0 a.m.18 views

mintBorrowTicketTo can be a contract with no onERC721Received method, which may cause the BorrowTicket NFT to be frozen and put users' funds at risk

Lines of code Vulnerability details IERC721MintableborrowTicketContract.mintmintBorrowTicketTo, id; function mintaddress to, uint256 tokenId external override loanFacilitatorOnly mintto, tokenId; If mintBorrowTicketTo is a contract that does not implement the onERC721Received method, in the curre...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/05/17 12:0 a.m.9 views

anyone can call onERC721Received

Handle paulius.eth Vulnerability details Impact function onERC721Received does not authorize a caller thus anyone can add a new NFT passing arbitrary values to nftContract and tokenId even if they do not send the actual NFT. Recommended Mitigation Steps Authorize the caller depending on the...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/05/15 12:0 a.m.4 views

Unbounded for-loop bricks transferERC721()

Handle toastedsteaksandwich Vulnerability details Impact The nfts array in the Visor contract could become overpopulated, causing certain functions that loop over it to brick, due to the gas limit. These functions include transferERC721 and getNftIdByTokenIdAndAddr. The severity of this issue is...

6.9AI score
Exploits0
Rows per page
Query Builder