kadena-io / marmalade

Decentralized Infrastructure for Poly-Fungibles and NFTs

[Bug]: V2 => EXPLOIT: An escrowed amount during an auction sale can be stolen by an attacker #120

Closed CryptoPascal31 closed 1 year ago

CryptoPascal31 commented 1 year ago

Expected Behavior

The NFT sale amount should be transferred to the seller.

Current Behavior

Currently an attacker can steal the NFT sale amount.

Possible Solution

Remarks: I've found out some other unrelated exploits that need to be confirmed.

Steps to Reproduce

See attached REPL file. It demonstrates the exploit and contains many comments to explain how it works. Attachment: basic-bidding-sale_exploit.repl.txt

Relevant log output

No response

jermaine150 commented 1 year ago

Thanks for flagging this issue and providing the testset. A fix has been made here: https://github.com/kadena-io/marmalade/pull/121.

On the other exploits you mention in the remarks, we're conducting a general capability review, but we always welcome a GitHub issue for anything you find.