PT-2022-28275 · Tuf · Tuf

Name of the Vulnerable Software and Affected Versions: TUF versions 0.14.0 through 0.15.x Description: The issue concerns the verify root self signed function, which verifies self-signatures in new root metadata files. This function counted multiple signatures by any new root key towards the new...

Missing threshold check on critical protection mechanism minRentalDayDivisor

Handle 0xRajeev Vulnerability details Impact Minimum rental duration is acknowledged as one of the two critical protection mechanisms for the market functioning. The setMinRental is called from the constructor with 246 which sets the minimum duration to 10 minutes. However, a threshold check is...

Missing zero/threshold check for NFT sale duration

Handle 0xRajeev Vulnerability details Impact A zero or some minimum threshold check is missing for saleDuration parameter of startSale function which sets the duration of the public sale of NFTs. If accidentally set to 0 then sales happen at zero price according to the logic in getPrice leading t...