Hdr_About.jpg

Detail Analysis

link.png

Date:

Status:

Count:

Contributor:

January 24, 2022

info.png

Verified

1

zerofriction.io

Loss Amount:

-

info.png

Recovered Amount:

-

Currency:

Dollars

KYC By:

Audit By:

None

None

info.png

Key Indicators

Platform:

Type:

Category:

Method:

Ethereum

Protocol

NFTs

Contract Vulnerabilities

Extended Method:

logic error

Data Sources:

info.png

At approximately 3:20 PM EST on January 24 2022, the 0x Protocol team reached out privately and directly to disclose a vulnerability in ZORA’s AsksV1 module. Importantly, no user funds have been lost and no users are at immediate risk of losing funds. However, ZORA identified up to 31 users who have the potential to be at risk in the future. This report outlines the vulnerability, the steps we’ve taken to mitigate, and the timeline of events as they unfolded. When a buyer attempts to fill a listing on AsksV1, a malicious seller has a very small window to try to edit their listing before it is filled. The seller could increase the price to the sum of the buyer’s ERC-20 balance and submit the transaction with a very high gas price. If the listing update was executed on chain prior to the listing being filled, the buyer would unintentionally drain their account to purchase the NFT.

info.png

DISCLAIMER: While Zero Friction LLC has used the best efforts in aggregating and maintaining this database, Zero Friction LLC makes no representations or warranties with respect to the accuracy or completeness, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose. 

Under no circumstances, shall Zero Friction LLC be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the dataset or information derived from our database.