Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Critical Security Vulnerability: Potential NFT Theft Through Inadequate Title Management and Ownership Verification #150

Open
4 of 5 tasks
adityajha2005 opened this issue Oct 28, 2024 · 5 comments
Open
4 of 5 tasks

[Bug]: Critical Security Vulnerability: Potential NFT Theft Through Inadequate Title Management and Ownership Verification #150

adityajha2005 opened this issue Oct 28, 2024 · 5 comments
Assignees
@adityajha2005
Labels
discussion high-priority maintenance security

Comments

@adityajha2005
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

What happened?

A significant vulnerability has been discovered in the DecentradeMarketplace smart contract, which enables malicious actors to alter NFT ownership due to deficiencies in title management and verification processes. The primary concerns are as follows:

Title Manipulation: There is an absence of validation for unique titles during redeployments, which permits the existence of duplicate listings.
Ownership Verification Deficiencies: There are insufficient checks for ownership prior to listing and inadequate validation of operators.
State Management Issues: There is a potential for race conditions, incomplete state cleanup, and a lack of event logging for changes in title.

Add ScreenShots

No response

What browsers are you seeing the problem on?

No response

Record

  • I agree to follow this project's Code of Conduct
  • I'm a WOB contributor
  • I want to work on this issue
  • I'm willing to provide further clarification or assistance if needed.
@github-actions GitHub Actions
Copy link

You've successfully raised your issue, We'll get back to you soon. Don't forget to star⭐ the Repo.

@4darsh-Dev
Copy link
Owner

assigned to you @adityajha2005 ,
propose your changes, and go through contributing guidelines,

@adityajha2005
Copy link
Author

@4darsh-Dev I've submitted the PR. Let me know if any adjustments are needed.

@4darsh-Dev
Copy link
Owner

Gentle Reminder 🚨🚨
GSSoC-Ext 24 is going to complete in 2 Days. '
Complete your assigned Issues and PR reviews before time to get Points on Leaderboard. '
It was a great experience working with you all, Don't forget to ⭐ star the Repo (only 12 with 62 forks 💔) .
Thanks💗 for your valuable contributions!

@4darsh-Dev
Copy link
Owner

Gentle Reminder 🚨🚨
PA and Mentor nominations have been started for GSSoC-Ext 2k24. '
Do share your experiences and connect on Socials. '
It was a great experience working with you all
Thanks💗 for your valuable contributions!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@adityajha2005 adityajha2005

Labels
discussion high-priority maintenance security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@4darsh-Dev @adityajha2005