wildanzrrr/base-x-rareskills-4.md

Last active December 13, 2024 17:12

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/wildanzrrr/249f38add523fa672641fc98321d2177.js"></script>
Save wildanzrrr/249f38add523fa672641fc98321d2177 to your computer and use it in GitHub Desktop.

Download ZIP

Base x RareSkills ERC721 topic

Raw

base-x-rareskills-4.md

In order to steals Alice NFT on the Game contract, there's some way to do that:

Using Fake Attacker NFT

Step to reproduce:

This method will need Bob to deploy his own NFT (fake) and mint an NFT with the same id that Alice deposited to the Game contract.
Then, Bob will transfer his NFT to the Game contract. This action will rewrite the mapping tokenId 10 to Bob's address.
Next, Bob will call withdraw function on the Game contract. This action will success because the validation doing check by comparing originalOwner[tokenId] == msg.sender

Code example: With fake attacker NFT

Calling public function onERC721Received directly

Step to reproduce:

Bob call public function onERC721Received on Game contract. There's 4 args on it operator, from, tokenId, and data. Make sure Bob fill from with his address.
In the Game contract implementation, there's a line of code that modify the state of mapping tokenId with form

originalOwner[tokenId] = from;

4.Next, Bob will call withdraw and it will be success.

Code example: Calling onERC721Received function directly

Using another method but still thinking :D

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment