Netflix’s ‘Love, Death + Robots’ NFT Vulnerability Alert

Key Takeaways

  • The CertiK team has noticed an issue with the Love, Death + Robots NFT minting process: the web API that generates the minting signature is missing an authentication layer.

Love, Death + Robots is a collection of animated short stories that span several genres, including science-fiction, fantasy, horror, and comedy. World-class animation creators bring captivating stories to life in the form of a unique and visceral viewing experience. The animated anthology series includes tales exploring alternate histories, robots’ lives in a post-apocalyptic city, and a plot for world domination by super-intelligent yogurt. Among the show’s executive producers is Oscar-nominated director David Fincher.

Here is the contract address: https://etherscan.io/address/0xfd43d1da000558473822302e1d44d81da2e4cc0d

To mint the NFT, users are supposed to watch the show and scan QR codes that appear in the show to collect a signature they can use to mint an NFT. Here is the link to their official website: https://lovedeathandart.com/. However, the web API used to generate the signature lacks an authentication check.

As a result, users who don’t have a Netflix account can call the API, get the signature, and mint the NFT without watching the show. In short, anyone who can call the API can get a signature to mint the NFT. These are free NFTs, though. We also advise our users to stay away from phishing sites.
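The difference between a signing endpoint without an authentication check and one that gates the signature is sketched below. This is an added example, not code from the project or from the alert. The session store, QR code table, function names and the HMAC (a stand-in for the signature the contract verifies) are all assumptions, and the sample values are constructed.

```python
import hashlib
import hmac

SIGNER_KEY = b"constructed-demo-key"   # stand-in for the minting signer key
SESSIONS = {"sess-alice": "acct-1"}    # constructed: session token -> account id
QR_CODES = {"qr-ep1-7f3a": 1}          # constructed: QR secret -> token id
_claimed = set()                       # (account, token id) pairs already served


def _sign(wallet: str, token_id: int) -> str:
    # HMAC stands in for the signature the contract would verify (assumption).
    # The message binds the signature to one wallet and one token id.
    msg = f"{wallet.lower()}:{token_id}".encode()
    return hmac.new(SIGNER_KEY, msg, hashlib.sha256).hexdigest()


def issue_signature_weak(wallet: str, token_id: int) -> str:
    """The pattern the alert describes: any caller gets a signature."""
    return _sign(wallet, token_id)


def issue_signature(session: str, qr_code: str, wallet: str) -> str:
    """Hardened form: authenticated caller, valid code, one claim per account."""
    account = SESSIONS.get(session)
    if account is None:
        raise PermissionError("not authenticated")
    token_id = QR_CODES.get(qr_code)
    if token_id is None:
        raise PermissionError("unknown QR code")
    if (account, token_id) in _claimed:
        raise PermissionError("already claimed")
    _claimed.add((account, token_id))
    return _sign(wallet, token_id)


if __name__ == "__main__":
    wallet = "0x" + "ab" * 20          # constructed wallet address
    print(issue_signature("sess-alice", "qr-ep1-7f3a", wallet))
```

The token id is derived server-side from the presented code rather than taken from the request, so the caller cannot choose which NFT the signature covers.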

Here are some other bug alerts our readers should know about:

  1. Frax Finance Critical Vulnerability Alert
  2. Auctus Protocol Critical Vulnerability Alert
Yash Kamal Chaturvedi

Btech Computer Science, Maharshi Dayanand University, Rohtak (2023)
