Closed CryptoPascal31 closed 1 year ago
Thanks for flagging this issue and providing the testset. A fix has been made here: https://github.com/kadena-io/marmalade/pull/121.
On the other exploits you mention in the remarks, we're conducting a general capability review, but we always welcome a GitHub issue for anything you find.
Expected Behavior
The NFT sale amount should be transferred to the seller.
Current Behavior
Currently an attacker can steal the NFT sale amount.
Possible Solution
Remarks: I've found out some other unrelated exploits that need to be confirmed.
Steps to Reproduce
See attached REPL file. It demonstrates the exploit and contains many comments to explain how it works. basic-bidding-sale_exploit.repl.txt
Relevant log output
No response