Taxes can be transferred to an address without the awareness of that address
bid, it calls safeTransferByMarket to transfer the pixel ownership to a new address, and _safeTransfer, which calls onERC721Received on the new address if it is a contract address. After transferring the token, bid continues to set a new price according to the input.
Form an Attack
- Attacker deployed a contract with
- Attacker used that contract to buy a pixel at an extremely high price; via onERC721Received, it immediately transfers the pixel to the victim;
- The victim has to pay the corresponding tax at that price.
- contracts/src/TheSpace/TheSpace.sol (commit: cbb2a7f)
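The following sketch is an added illustration, not TheSpace's code: a minimal pixel market reduced to the pieces named above (bid, the ownership transfer, the onERC721Received hook, the price update), with the contract and function names assumed for the example. It shows the two hardening choices a reviewer would look for: state is written before the receiver hook runs, a re-entrancy lock keeps the hook from moving the token mid-bid, and an owner-initiated transfer resets the price so the recipient never inherits a tax obligation it did not agree to.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Illustrative example only (assumed names, not TheSpace.sol): a Harberger-tax
// pixel market reduced to bid -> ownership transfer -> receiver hook -> price.
interface IERC721Receiver {
    function onERC721Received(address, address, uint256, bytes calldata)
        external returns (bytes4);
}

contract PixelMarketHardened {
    mapping(uint256 => address) public ownerOf;
    mapping(uint256 => uint256) public priceOf; // price the current owner is taxed on
    bool private _locked;                        // simple re-entrancy lock

    modifier nonReentrant() {
        require(!_locked, "reentrant call");
        _locked = true;
        _;
        _locked = false;
    }

    // Owner-initiated transfer (no purchase). Hardening 1: the price does not
    // travel with the token, so a pushed transfer cannot hand the recipient a
    // tax liability; the recipient must set a price itself to be taxed on it.
    function transferFrom(address from, address to, uint256 tokenId) external nonReentrant {
        require(msg.sender == from && ownerOf[tokenId] == from, "not owner");
        ownerOf[tokenId] = to;
        priceOf[tokenId] = 0;
    }

    // Buy the pixel at its current price and declare a new one.
    function bid(uint256 tokenId, uint256 newPrice) external payable nonReentrant {
        require(msg.value >= priceOf[tokenId], "underpaid");
        address from = ownerOf[tokenId];
        // Hardening 2 (checks-effects-interactions): commit owner and price
        // before any external call. The advisory's ordering ran the receiver
        // hook first and set the price afterwards, so the hook saw a
        // half-updated token it could pass on to someone else.
        ownerOf[tokenId] = msg.sender;
        priceOf[tokenId] = newPrice;
        // Interaction last: the receiver hook, as _safeTransfer would call it.
        // The lock above makes any transferFrom issued from inside it revert.
        if (msg.sender.code.length > 0) {
            bytes4 sel = IERC721Receiver(msg.sender)
                .onERC721Received(msg.sender, from, tokenId, "");
            require(sel == IERC721Receiver.onERC721Received.selector, "bad receiver");
        }
        // settlement with `from` and tax bookkeeping omitted for brevity
    }
}
```

The price reset on transferFrom is the part that actually closes the finding: a lock alone stops the hook from moving the token, but a liability that travels with the token could still be pushed by an ordinary transfer once bid has returned.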
Threat Agent Factors
- advanced user or one with programming skills.
- possible reward through UBI.
- need to own a large portion of pixels and pay gas fees.
- anonymous Internet users.
Ease of Exploit
can form the attack easily without third-party involvement.
Technical Impact Factors
Loss of Integrity
Loss of Availability
can damage the economic mechanism.
Loss of Accountability
can be completely anonymous.
Business Impact Factors
depends on the $SPACE allowance.
Overall Likelihood: 2.14
Overall Impact: 2.5
Overall Risk Score = Impact * Likelihood = 5.35