link.png

ID:

charged-particles-1144

Date:

Status:

Incident Count:

February 9, 2021

Near-Miss

1

info.png
target.png
REKT

Contributor:

chain.png

web3rekt.com

KYC By:

KYC:

None

info.png

Audit By:

Audits:

None

Loss Amount:

-

info.png

Recovered:

-

Rewards:

5,000

Currency:

USD

info.png

Key Indicators

Platform:

Type:

Category:

Method:

Data Sources:

Ethereum

NFTs

NFTs

Rewards - Bug Bounties

Extended Method:

Griefing/Denial of service

info.png

Days in Operation:

701

(1.92 Years)

chain.png
chain.png
chain.png
chain.png
datasource.png

Charged Particles is a decentralized NFT marketplace where users can deposit ERC-20 tokens into any NFT.

Whitehat Alejandro Muñoz-McDonald submitted a vulnerability classified as “High” in Charged Particles. The vulnerability was a griefing/denial of service attack against the protocol that would have allowed a malicious user to create a system where bribes had to be paid for a user to buy or sell an NFT. Charged Particles paid Alejandro Muñoz-McDonald a $5,000 USDC bounty.

Under the Charged Particles protocol, a “Proton” refers to the ERC721 contract for a particle, which is an NFT ready to be energized by adding interest-bearing assets to it. Prior to the fix of this vulnerability, a malicious proton creator could have held Protons hostage after selling them by creating a malicious ransom contract and setting it to be the royalties receiver. The bug was found in Proton.sol.

info.png

DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose. 

Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.