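// Pings a user-supplied host and echoes the raw output.
//
// The original concatenated $_GET['url'] straight into a shell command
// (`shell_exec("ping " . $url)`), which is textbook OS command injection
// (e.g. `?url=127.0.0.1;id`), and echoed the result unescaped, which also
// reflects attacker-controlled text into the page (XSS).
//
// Fix: (1) restrict the input to a plain hostname/IP shape and reject a
// leading '-', so it can neither escape the command nor be parsed by ping
// as an option (argument injection); (2) still quote it with escapeshellarg()
// as defence in depth; (3) HTML-escape the output before echoing.
$url = $_GET['url'] ?? '';

// Allow only letters, digits, dots and hyphens, and require the first
// character to be alphanumeric so the value cannot start with '-'.
if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$/', $url)) {
    http_response_code(400);
    exit('invalid host');
}

// -c 4 bounds the number of probes; without a count, ping on Linux runs until
// interrupted and shell_exec() would block indefinitely. escapeshellarg()
// turns the host into a single, quoted argv entry.
$cmd = shell_exec('ping -c 4 ' . escapeshellarg($url));

// Output is untrusted (it embeds the host string and whatever ping prints).
echo htmlspecialchars((string) $cmd, ENT_QUOTES, 'UTF-8');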
// Proof-of-concept harness: set up the contract handles, then run the attack path.
// It is currently marked `should_revert`, i.e. the test passes only if the attack
// sequence reverts; per the inline note it is meant to become a plain `#[test()]`
// once the codebase is updated, at which point a revert would fail the test.
#[test(should_revert)] // Change to #[test()] once the codebase is updated
fn test_attack() {
    // Setup must run first so the contracts targeted by the attack exist.
    initialize_contracts();
    // The actual exploit steps live in execute_attack() (defined elsewhere in the file).
    execute_attack();
}
| fn initialize_contracts() { | |
| // Initialize contracts | |
| let thunder_exch = abi(ThunderExchange, thunder_exchange::CONTRACT_ID); | |
| let asset_mngr = abi(AssetManager, asset_manager::CONTRACT_ID); |
| #[storage(read), payable] //@audit seller is forced to send the NFT which doesn't exist for the user instead its in the thunder exchange itself when place_order called | |
| fn _execute_sell_taker_order(order: TakerOrder) { | |
| let strategy = abi(ExecutionStrategy, order.strategy.bits()); | |
| let execution_result = strategy.execute_order(order); | |
| require(execution_result.is_executable, ThunderExchangeErrors::ExecutionInvalid); | |
| require( | |
| msg_asset_id() == AssetId::new(execution_result.collection, execution_result.token_id), //@audit | |
| ThunderExchangeErrors::PaymentAssetMismatched | |
| ); // but the seller does not have the NFT ? | |
| require(msg_amount() == execution_result.amount, ThunderExchangeErrors::AmountMismatched); |
| fn place_order(order_input: MakerOrderInput) { | |
| _validate_maker_order_input(order_input); // sanity checks | |
| let strategy = abi(ExecutionStrategy, order_input.strategy.bits()); | |
| let order = MakerOrder::new(order_input); | |
| match order.side { | |
| Side::Buy => { //users make offer for specific nft(bid) | |
| // Buy MakerOrder (e.g. make offer) | |
| // Checks if user has enough bid balance |
// Proof-of-concept harness: initialize the contracts, then run the attack path.
// Unlike the `should_revert` variant, this version passes only if the whole
// attack sequence completes without reverting.
#[test]
fn test_attack() {
    // Setup must run first so the contracts targeted by the attack exist.
    initialize_contracts();
    // The actual exploit steps live in execute_attack() (defined elsewhere in the file).
    execute_attack();
}
| fn initialize_contracts() { | |
| let thunder_exch = abi(ThunderExchange, thunder_exchange::CONTRACT_ID); | |
| thunder_exch.initialize(); |
| pub fn s1(maker_order: MakerOrder, taker_order: TakerOrder) -> ExecutionResult { | |
| ExecutionResult { | |
| ... | |
| amount: 1, | |
| ... | |
| } |
| fn _execute_sell_taker_order(order: TakerOrder) { | |
| ... | |
| require(msg_amount() == execution_result.amount, ThunderExchangeErrors::AmountMismatched); | |
| pub struct MakerOrder { | |
| ... | |
| pub amount: u64, |
| it("should prevent NFT theft via order update and cancellation", async () => { | |
| const nftId = 20, price = 1000000; | |
| // Step 1: NFT owner places a sell order | |
| expect( | |
| (await Exchange.placeSellOrder(exchange.id.toString(), provider.url, nft_owner.privateKey, { | |
| maker: nft_owner.address.toB256(), | |
| collection: erc721.id.toB256(), | |
| tokenId: nftId, | |
| price, |
| fn cancel_order(strategy: ContractId, nonce: u64, side: Side) { | |
| // ... | |
| let order = strategy_caller.get_maker_order_of_user(caller, nonce, side); | |
| match side { | |
| Side::Sell => { | |
| if (order.is_some()) { | |
| // ... (cancel order in strategy) | |
| transfer( | |
| Identity::Address(unwrapped_order.maker), | |
| AssetId::new(unwrapped_order.collection, unwrapped_order.token_id), |