BREAKING NEWS! Coin.fyi has been acquired by VC firm Morningstar Ventures. Read more

BNB
$424.83 -9.47%
BNB · 6d

Binance Bakeryswap co-branded $CAR NFT minting security bug

Real Tesla NFT minted from Bakeryswap $CARNFT project TL;DR Bakeryswap $CARNFT mint contract has security bug. This bug allows attacker mints the NFT he wants. I minted all 3 REAL TESLA NFT in my proof of concept and protect it’s being further abused. Bakeryswap team does not care about security bugs, contract being hacked, not care if REAL TESLA NFTs are being minted, and not care about users assets. Good luck Bakeryswap users! Background

Bakeryswap had a IDO $CAR, which said user can use $CAR to mint a $CARNFT, and 3 out of 10000 NFTs are special REAL TESLA car, which you can use it to redeem a real Tesla car.

Apparently, no one minted a real Tesla car successfully before I minted.

To check if a $CARNFT is a REAL TESLA NFT in $CARNFT contract, there’s a carInfoMap, which maps token id to car info, and if car info’s size is 1, then it’s a REAL TESLA NFT. After dumping the whole token id map, I found out token id 8, 88, 888 are the real tesla car NFT token id, and they were not minted yet!

How $CAR NFT minting works (Behind the UI) User needs to buy / own at least 1 $CAR token. Then user can mint CarBlindBox NFT by running mint() in CarBlindBox contract, which will spend user 1 $CAR token. Once you have CarBlindBox NFT, you can call open() to draw a random $CARNFT. Security bug details

In CarBlindBox contract, open() is the key to draw a NFT randomly from its NFT pool. If you can control and predict the random number function output, you can control which NFT you will be getting.

Let’s take a look the random function.

function randomGen(uint256 seed, uint256 max) internal view returns (uint256 randomNumber) { return (uint256( keccak256(abi.encodePacked(blockhash(block.number — 1), now, msg.sender, block.difficulty, seed)) ) % max); }

Basically you cannot know the random number before tx is merged into the block. However, within the same block, you still can predict the randomGen() output if you know the seed and...

Continue on medium.com
Recent News