code-423n4/2023-10-nextgen-findings

Issues

• Reentrancy in `NextGenMinterContract.mint()` allows exceeding max allowance and concurrent use of NFTs in `NextGenMinterContract.burnToMint()`

  #2052 opened a year ago
  3

• Usage of _safeMint in NextGenCore@_mintProcessing allows an attacker to reenter when onERC721Received is called

  #2050 opened a year ago
  5

• Multiple re-entrancy issues allowing stealing of funds and bypassing protocol mint limits

  #2049 opened a year ago
  4

• Reentrancy in mint function leads to various problems

  #2048 opened a year ago
  8

• The protocol is susceptible to reentrancy attacks.

  #2047 opened a year ago
  5

• Reentrancy issue. User can easily mint more than allowed presale, bypassing merkle root limit

  #2046 opened a year ago
  5

• An attacker can mint more than they are allowed due to MinterContract.sol#mint() reentrancy vulnerability

  #2045 opened a year ago
  5

• NextGenMinterContract::mint can be reentered for sales option 3 to mint many NFTs in a single period and bypass viewMaxAllowance for any sales option

  #2044 opened a year ago
  5

• Reentrancy in mint function allows minting above the limit allowed per address / allowlisted address

  #2043 opened a year ago
  6

• collection admin can still change delegation Address by calling setCollectionCosts()

  #2042 opened a year ago
  6

• Missing highBid value update returnHighestBidder would return the wrong HighestBidder causing nft to be minted to the wrong winner

  #2041 opened a year ago
  3

• DoS: Auction May Be Made Unusable By An Attacker

  #2040 opened a year ago
  5

• The reentrancy vulnerability in NextGenCore can allow an attacker to manipulate minting execution

  #2039 opened a year ago
  6

• AuctionDemo opens itself several DoS attack vectors

  #2038 opened a year ago
  9

• The `Transfer` event is emitted successfully in `MinterContract#mintAndAuction()` even when the transaction has failed, leading to inaccurate accounting in off-chain systems.

  #2037 opened a year ago
  5

• QA Report

  #2036 opened a year ago
  4

• tokenHash could be fail to update for minted tokenId

  #2035 opened a year ago
  6

• Gas Optimizations

  #2034 opened a year ago
  3

• No time input validation

  #2033 opened a year ago
  6

• Missing deadline checks

  #2032 opened a year ago
  5

• Analysis

  #2031 opened a year ago
  3

• QA Report

  #2030 opened a year ago
  3

• Bidder Can Retrieve Bid Amount Twice in `claimAuction`

  #2029 opened a year ago
  6

• Analysis

  #2028 opened a year ago
  5

• Missing gas fee limit

  #2027 opened a year ago
  5

• Analysis

  #2026 opened a year ago
  2

• Multiple instances of reentrancy

  #2025 opened a year ago
  6

• AuctionDemo::claimAuction() - L105: Logic bug in the conditional statement where the timestamp check should be `>` instead of `>=`.

  #2024 opened a year ago
  4

• AuctionDemo::claimAuction() - L105: Logic bug in the conditional statement where the timestamp check should be `>` instead of `>=`.

  #2023 opened a year ago
  1

• Cross-Contract Reentrancy can occur during burnToMint

  #2022 opened a year ago
  7

• Winner of auction status is not set to false after claim so eligible for refund

  #2021 opened a year ago
  5

• Missing Reentry Protection in 'emergencyWithdraw' function

  #2020 opened a year ago
  7

• Minting Phases Validation Issue

  #2019 opened a year ago
  7

• Add reentrancy protection in `payArtist` function

  #2018 opened a year ago
  6

• QA Report

  #2017 opened a year ago
  4

• `burnToMint` and `burnOrSwapExternalToMint` allows bypass of periodic sales timer.

  #2016 opened a year ago
  5

• Last token of maximum supply can be paid, but it isn't minted nor reverted.

  #2015 opened a year ago
  2

• Artist Royalty Split Proposal Functionality Missing

  #2014 opened a year ago
  7

• Bid's array can be overloaded with dust bids to break AuctionDemo funcionality.

  #2013 opened a year ago
  4

• Switching to sales model 3 for a collection with pre-existing supply could brick the ' mint() ' function for that collection.

  #2012 opened a year ago
  7

• Adversary can reenter `mint` to bypass max allowance.

  #2011 opened a year ago
  7

• `RandomizerNXT` allows randomness re-rolling and also front-running.

  #2010 opened a year ago
  4

• QA Report

  #2009 opened a year ago
  3

• Gas Optimizations

  #2008 opened a year ago
  4

• QA Report

  #2007 opened a year ago
  6

• `claimAuction` can be reverted by any bidder, locking all funds and the prize.

  #2006 opened a year ago
  9

• Analysis

  #2005 opened a year ago
  4

• `AuctionDemo.sol` has no way to rescue funds.

  #2004 opened a year ago
  4

• Unchecked constructor arguments can make a contract unworkable

  #2003 opened a year ago
  4

• Gas Optimizations

  #2002 opened a year ago
  4