Closed juli closed 1 year ago
Partially implemented in #37.
We are missing two attacks that still rely on `prank`:

`prank`, the interesting part is off-chain.

Leaving my POV about these:
Both cases are pretty similar in terms of how the attacker managed to get access to accounts with privileges.
In the first case, the attacker managed to get a whitelist spot (which could be achieved via the Discord channel of the collection). That attack would also have happened if the `WhitelistMint`
function were public, as the bug is not related to the privilege. So, for Bad Guys NFT it could be reasonable to show that anyone included in the Merkle tree would have been able to perform the attack.
As for Ronin, the juicy part of the attack was how the attacker compromised the keys. The biggest concept there IMO is data and key hygiene.
I guess that the topic of this issue has already been solved. Moreover, we could leave this referenced somewhere as a guideline for future reproductions.
If adding the attacker to an allowlist is necessary, then it is better to spoof the owner's address and add our random attacker address to the allowlist. This way the exploit code will be more realistic and more valuable for future research projects based on this repository.
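The pattern proposed in the last comment, as an added Foundry test that is not part of this repository or of any of the reproduced attacks. The `AllowlistMint` contract, its `setAllowlisted`/`whitelistMint` functions and the `deployer`/`attacker` labels are assumptions standing in for the real target; the only cheatcode used is `vm.prank`, applied to the owner for the single privileged call rather than to an already-allowlisted victim address:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

import "forge-std/Test.sol";

// Hypothetical allowlist-gated mint (assumption, not the repository's code).
// It stands in for any target whose entry point is gated by an owner-managed allowlist.
contract AllowlistMint {
    address public owner;
    mapping(address => bool) public allowlisted;
    mapping(address => uint256) public minted;

    constructor() {
        owner = msg.sender;
    }

    // Only the owner may change the allowlist.
    function setAllowlisted(address who, bool ok) external {
        require(msg.sender == owner, "not owner");
        allowlisted[who] = ok;
    }

    // The gated entry point: callable only by allowlisted addresses.
    function whitelistMint() external {
        require(allowlisted[msg.sender], "not allowlisted");
        minted[msg.sender] += 1;
    }
}

contract AllowlistPrankTest is Test {
    AllowlistMint nft;
    address deployer = makeAddr("deployer"); // label is an assumption
    address attacker = makeAddr("attacker"); // fresh, unprivileged address

    function setUp() public {
        // prank applies to the next call, including the CREATE, so the
        // deployer becomes msg.sender in the constructor and thus the owner.
        vm.prank(deployer);
        nft = new AllowlistMint();
    }

    // Spoof the owner for exactly one call (the allowlist update), then run the
    // rest of the reproduction from the attacker address with no extra cheats.
    // This keeps the attacker's own calls identical to what happened on-chain.
    function testMintViaOwnerSpoof() public {
        vm.prank(deployer);
        nft.setAllowlisted(attacker, true);

        vm.prank(attacker);
        nft.whitelistMint();

        assertEq(nft.minted(attacker), 1);
        assertFalse(nft.allowlisted(deployer)); // no collateral privilege granted
    }

    // Sanity check that the gate itself still holds for a non-allowlisted caller.
    function testMintRevertsWithoutAllowlist() public {
        vm.prank(attacker);
        vm.expectRevert("not allowlisted");
        nft.whitelistMint();
    }
}
```

Run with `forge test --match-contract AllowlistPrankTest`. Scoping the prank to the single owner call is what makes the exploit transcript realistic: every subsequent transaction originates from an address that had no privilege before the allowlist update, which is the same precondition the real attackers had to satisfy.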