code-423n4 2023-10-nextgen-findings issues

code-423n4 / 2023-10-nextgen-findings

5 stars 3 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Minting nft with Index 0 is not allowed

#2001 c4-submissions closed 12 months ago
6
Gas Optimizations

#2000 c4-submissions opened 1 year ago
2
QA Report

#1999 c4-submissions closed 11 months ago
3
Max Allowance is wrongly or not checked in many ocasions.

#1998 c4-submissions closed 1 year ago
4
`setFinalSupply` can set totalSupply of a non-existent collection

#1997 c4-submissions closed 11 months ago
4
Royalty Payment Invariant Violation

#1996 c4-submissions closed 12 months ago
5
High possibility of DOS

#1995 c4-submissions closed 12 months ago
6
Re-enterancy in AuctionDemo contract

#1994 c4-submissions closed 1 year ago
5
Adding a randomizer to a collection should be mandatory

#1993 c4-submissions closed 12 months ago
6
Risk of Permanent ETH Loss for Bidders

#1992 c4-submissions closed 1 year ago
3
QA Report

#1991 c4-submissions closed 11 months ago
3
QA Report

#1990 c4-submissions closed 11 months ago
4
Analysis

#1989 c4-submissions opened 1 year ago
2
When the burnToMint function is enabled, any bad actor can transfer the nft-to-burn when it receives the newly minted nft, getting burned after he no longer is the owner.

#1988 c4-submissions closed 1 year ago
6
NFT Claiming Issue Due to Lacking Ownership

#1987 c4-submissions closed 1 year ago
6
Owner of the token will not receive the funds of the highest bid after an Auction is claimed

#1986 c4-submissions closed 1 year ago
2
Collection Total Supply invariant can be broken

#1985 c4-submissions closed 12 months ago
11
Contract can be drained from the `claimAuction` contract

#1984 c4-submissions closed 12 months ago
5
No Chainlink error handling in case of ethereums gas prices increasing or subscription running out of Link.

#1983 c4-submissions closed 1 year ago
2
Users get pay for multiple NFTs and only get 1 minted

#1982 c4-submissions closed 12 months ago
4
mint with sales option 3 doesn't work as expected

#1981 c4-submissions closed 1 year ago
5
The absence of sanity checks in the `MinterContract#mintAndAuction()` function can lead to avoidable error scenarios.

#1980 c4-submissions closed 12 months ago
7
`cancelBid()` and `cancelAllBids()` functions are incorrectly implemented, resulting in partial/complete DoS-ing of bid cancelling functionality.

#1979 c4-submissions closed 12 months ago
4
Analysis

#1978 c4-submissions closed 11 months ago
3
The NextGenRandomizerNXT contract's hash generating function flow, can be purposefully reverted in order to obtain a desired nft.

#1977 c4-submissions closed 1 year ago
4
User with multiple bid cannot claim reward

#1976 c4-submissions closed 12 months ago
5
`allowlist`'s Merkle Tree Leaves May Lead to Collisions

#1975 c4-submissions closed 1 year ago
4
Critical Issues in Auction Refund Loop

#1974 c4-submissions closed 12 months ago
4
No function to distribute secondary sales royalties split.

#1973 c4-submissions closed 12 months ago
8
[M-01] Data in **collectionAdditionalData** can be changed even after setting the data by calling **setCollectionData** function

#1972 c4-submissions closed 12 months ago
5
Old tokenData is used instead of new

#1971 c4-submissions closed 12 months ago
5
artist royalty calculated susceptible to wrong calculation

#1970 c4-submissions closed 12 months ago
8
Collection randomizer can be updated while collection is frozen

#1969 c4-submissions closed 12 months ago
4
`NextGenCore::tokenURI` is vulnerable to JSON injection

#1968 c4-submissions closed 1 year ago
2
Gas Optimizations

#1967 c4-submissions opened 1 year ago
3
Auction Winner Can Retrieve Bid Amount Back Along With NFT

#1966 c4-submissions closed 1 year ago
5
QA Report

#1965 c4-submissions opened 1 year ago
4
Gas Optimizations

#1964 c4-submissions closed 12 months ago
2
The getPrice function returns an incorrect price

#1963 c4-submissions closed 1 year ago
2
Analysis

#1962 c4-submissions opened 1 year ago
2
User can mint more tokens than is allowed

#1961 c4-submissions closed 1 year ago
6
User can overpay for NFT

#1960 c4-submissions closed 12 months ago
6
MinterContract::burnToMint() do not mint any token for the case where current circulationSupply greater than eq to totalSupply, make user pay ETH for nothing.

#1959 c4-submissions closed 1 year ago
3
Collection can be frozen without data and without a randomizer

#1958 c4-submissions closed 12 months ago
5
Gas Optimizations

#1957 c4-submissions closed 12 months ago
2
Multiplication before division can cause loss in precision

#1956 c4-submissions closed 12 months ago
6
Gas Optimizations

#1955 c4-submissions opened 1 year ago
4
`returnHighestBidder` of `Auction.sol` will return wrong bidder rather than highest due to missing logic in for loop.

#1954 c4-submissions closed 1 year ago
2
THE RANDOM HASH GENERATED VIA THE `RandomizerNXT.calculateTokenHash` FUNCTION IS NOT TRULY RANDOM

#1953 c4-submissions closed 1 year ago
4
Possible DOS attack the moment any new bid is created.

#1952 c4-submissions closed 12 months ago
6

Previous Next