code-423n4/2023-10-nextgen-findings
Reentrancy in `NextGenMinterContract.mint()` allows exceeding max allowance and concurrent use of NFTs in `NextGenMinterContract.burnToMint()`
#2052
captainmangoC4
closed
11 months ago
3
Usage of _safeMint in NextGenCore@_mintProcessing allows an attacker to reenter when onERC721Received is called
#2050
captainmangoC4
closed
11 months ago
5
Multiple re-entrancy issues allowing stealing of funds and bypassing protocol mint limits
#2049
captainmangoC4
closed
11 months ago
4
Reentrancy in mint function leads to various problems
#2048
captainmangoC4
closed
11 months ago
8
The protocol is susceptible to reentrancy attacks.
#2047
captainmangoC4
closed
11 months ago
5
Reentrancy issue. User can easily mint more than allowed presale, bypassing merkle root limit
#2046
captainmangoC4
closed
11 months ago
5
An attacker can mint more than they are allowed due to MinterContract.sol#mint() reentrancy vulnerability
#2045
captainmangoC4
closed
11 months ago
5
NextGenMinterContract::mint can be reentered for sales option 3 to mint many NFTs in a single period and bypass viewMaxAllowance for any sales option
#2044
captainmangoC4
closed
11 months ago
5
Reentrancy in mint function allows minting above the limit allowed per address / allowlisted address
#2043
captainmangoC4
closed
11 months ago
6
collection admin can still change delegation Address by calling setCollectionCosts()
#2042
thebrittfactor
closed
11 months ago
6
Missing highBid value update returnHighestBidder would return the wrong HighestBidder causing nft to be minted to the wrong winner
#2041
thebrittfactor
closed
1 year ago
3
DoS: Auction May Be Made Unusable By An Attacker
#2040
thebrittfactor
closed
1 year ago
5
The reentrancy vulnerability in NextGenCore can allow an attacker to manipulate minting execution
#2039
thebrittfactor
closed
1 year ago
6
AuctionDemo opens itself to several DoS attack vectors
#2038
c4-submissions
closed
11 months ago
9
The `Transfer` event is emitted successfully in `MinterContract#mintAndAuction()` even when the transaction has failed, leading to inaccurate accounting in off-chain systems.
#2037
c4-submissions
closed
11 months ago
5
QA Report
#2036
c4-submissions
opened
1 year ago
4
tokenHash could fail to update for minted tokenId
#2035
c4-submissions
closed
11 months ago
6
Gas Optimizations
#2034
c4-submissions
closed
11 months ago
3
No time input validation
#2033
c4-submissions
closed
11 months ago
6
Missing deadline checks
#2032
c4-submissions
closed
11 months ago
5
Analysis
#2031
c4-submissions
closed
11 months ago
3
QA Report
#2030
c4-submissions
closed
11 months ago
3
Bidder Can Retrieve Bid Amount Twice in `claimAuction`
#2029
c4-submissions
closed
1 year ago
6
Analysis
#2028
c4-submissions
closed
11 months ago
5
Missing gas fee limit
#2027
c4-submissions
closed
11 months ago
5
Analysis
#2026
c4-submissions
opened
1 year ago
2
Multiple instances of reentrancy
#2025
c4-submissions
closed
11 months ago
6
AuctionDemo::claimAuction() - L105: Logic bug in the conditional statement where the timestamp check should be `>` instead of `>=`.
#2024
c4-submissions
closed
11 months ago
4
AuctionDemo::claimAuction() - L105: Logic bug in the conditional statement where the timestamp check should be `>` instead of `>=`.
#2023
c4-submissions
closed
1 year ago
1
Cross-Contract Reentrancy can occur during burnToMint
#2022
c4-submissions
closed
12 months ago
7
Winner of auction status is not set to false after claim so eligible for refund
#2021
c4-submissions
closed
11 months ago
5
Missing Reentry Protection in 'emergencyWithdraw' function
#2020
c4-submissions
closed
11 months ago
7
Minting Phases Validation Issue
#2019
c4-submissions
closed
11 months ago
7
Add reentrancy protection in `payArtist` function
#2018
c4-submissions
closed
11 months ago
6
QA Report
#2017
c4-submissions
closed
11 months ago
4
`burnToMint` and `burnOrSwapExternalToMint` allows bypass of periodic sales timer.
#2016
c4-submissions
closed
1 year ago
5
Last token of maximum supply can be paid, but it isn't minted nor reverted.
#2015
c4-submissions
closed
1 year ago
2
Artist Royalty Split Proposal Functionality Missing
#2014
c4-submissions
closed
11 months ago
7
Bid's array can be overloaded with dust bids to break AuctionDemo functionality.
#2013
c4-submissions
closed
1 year ago
4
Switching to sales model 3 for a collection with pre-existing supply could brick the 'mint()' function for that collection.
#2012
c4-submissions
closed
11 months ago
7
Adversary can reenter `mint` to bypass max allowance.
#2011
c4-submissions
closed
1 year ago
7
`RandomizerNXT` allows randomness re-rolling and also front-running.
#2010
c4-submissions
closed
1 year ago
4
QA Report
#2009
c4-submissions
closed
11 months ago
3
Gas Optimizations
#2008
c4-submissions
closed
11 months ago
4
QA Report
#2007
c4-submissions
closed
11 months ago
6
`claimAuction` can be reverted by any bidder, locking all funds and the prize.
#2006
c4-submissions
closed
11 months ago
9
Analysis
#2005
c4-submissions
opened
1 year ago
4
`AuctionDemo.sol` has no way to rescue funds.
#2004
c4-submissions
closed
11 months ago
4
Unchecked constructor arguments can make a contract unworkable
#2003
c4-submissions
closed
11 months ago
4
Gas Optimizations
#2002
c4-submissions
closed
11 months ago
4