Lucene search
K

8 matches found

Code423n4
Code423n4
added 2022/12/16 12:0 a.m.11 views

Function fulfillRandomWords in VRFNFTRandomDraw contract must not revert

Lines of code Vulnerability details The VRFNFTRandomDraw contract implements the Chainlink VFR feature to pull random data to select the raffle winner. As per their security guidelines the implementation of the fulfillRandomWords function must not revert. Impact If the fulfillRandomWords function...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.8 views

Use safeTransferFrom instead of transferFrom for ERC721 transfers

Lines of code Vulnerability details Impact In the contract VRFNFTRandomDraw.sol every transfer of ERC721 are done with the transferFrom instead of the recommended safeTransferFrom. This transferFrom does not check whether the receiver is capable of proper handling of NFTs. Proof of Concept If the...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.5 views

The recoverTimelock does not sufficiently protect against an admin withdrawing the NFT before a user is able to claim it

Lines of code Vulnerability details Impact When a VRFNFTRandomDraw contract is initialized, the recoverTimelock variable is set. The variable should be used to prevent the admin from calling the lastResortTimelockOwnerClaimNFT function before a certain amount of time has passed to ensure that the...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.6 views

Bad actor can burn VRFCoordinatorV2 LINK's balance

Lines of code Vulnerability details Impact All VRFNFTRandomDraw instances share the same VRFCoordinatorV2 address, and LINK fees are deducted from this smart contract. There are a couple of issues that may be exploited by malicious actor to overinflate calls to VRF and in lead to griefing, e.g. B...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.12 views

Draw admin/owner can rug the winner after recoverTimelock expires.

Lines of code Vulnerability details Impact The admin/owner of VRFNFTRandomDraw can wait for recoverTimelock to expire before making the draw. This way he can use lastResortTimelockOwnerClaimNFT to take back the reward NFT from the contract without any time to allow for the winner to claim. He cou...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.8 views

Malicious ChainLink's VRF manager can decide to not whitelist VRFNFTRandomDraw or brick ongoing raffles

Lines of code Vulnerability details Impact ChainLinks VRF manager has priviledged position, as all VRFNFTRandomDraw instances share the same VRFCoordinatorV2 address, and have to be whitelisted in order to be able to send requestRandomWords function. There is centralization risk in this case, tha...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.8 views

A compromised owner of VRFNFTRandomDraw can claim the NFT to another accomplice addresss

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. A compromised owner of VRFNFTRandomDraw can claim the NFT to another accomplice addresss Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.11 views

In case the winner is the address(0)

Lines of code Vulnerability details Impact Temporary freezing NFT this can be more than one period Proof of Concept On VRFNFTRandomDraw.fulfillRandomWords 254 request.currentChosenTokenId = 255 randomWords0 % tokenRange + 256 settings.drawingTokenStartId; In case ownerOfrequest.currentChosenToken...

6.8AI score
Exploits0
Rows per page
Query Builder