CVE-2025-56207
CVE-2025-56207
In short
A flaw in an Ethereum NFT smart contract allows anyone to send NFTs to an invalid address (zero address), permanently destroying them. This breaks the contract rules and causes permanent loss of digital assets.
Technical detail
The '_transfer' function in the MoneyMakingOpportunity ERC721 contract (0x41d3d86a84c8507a7bc14f2491ec4d188fa944e7) lacks validation to prevent transfers to the zero address, enabling attackers to call transfer functions with address(0) as the recipient. This violates ERC721 compliance and results in permanent asset destruction without recovery mechanism.
Summary generated and translated by AI from the official description.
A security flaw in the '_transfer' function of a smart contract implementation for Money Making Opportunity (MMO), an Ethereum ERC721 Non-Fungible Token (NFT) project, allows users or attackers to transfer NFTs to the zero address, leading to permanent asset loss and non-compliance with the ERC721 standard. The eth address is 0x41d3d86a84c8507a7bc14f2491ec4d188fa944e7, contract name is MoneyMakingOpportunity, and compiler version is v0.8.17+commit.8df45f5f.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →