NextGen

NFT Generative Art | 2,000 LOC | 4H + 10M = 14 findings | Repo

Official Findings (14)
H-01: Attacker can reenter to mint all the collection supply
H-02: Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime
H-03: Adversary can block claimAuction() due to push-strategy to transfer assets
H-04: Multiple mints can brick any form of salesOption 3 mintings
M-01: payArtist can result in double the intended payout
M-02: RandomizerVRF and RandomizerRNG not produce hash value
M-03: Vulnerability in burnToMint function allowing double use of NFT
M-04: On Descending Sale Model, user minting on last block.timestamp mints at unexpected price
M-05: Auction payout goes to AuctionDemo contract owner, not the token owner
M-06: Artist signatures can be forged to impersonate artist
M-07: Auction winner can prevent payments via safeTransferFrom callback
M-08: If airdrop happens before mint the price could skyrocket
M-09: getPrice salesOption 2 can round down to lower barrier
M-10: Bidder Funds Can Become Unrecoverable Due to 1 second Overlap
