Treasure Marketplace Hacked: Exploit Ongoing

BREAKING – The Treasure Marketplace has been hacked! A bug in the contract allowed attackers to purchase a variety of NFTs, including high value Genesis Legions and Smol Brains, for 0 cost. This is a bug in the exchange itself and is currently affecting ALL listed NFTs.

Users should delist or revoke approval for ANY NFT on the site immediately!

The bug involves setting the purchase quantity to 0, so no value is actually being transferred to purchase these Genesis Legions!

The Arbiscan for the contract is here. This is an example of an exploiting transaction. The transaction input is below, you can see the _quantity has been set to 0.

MAGIC Exploit
The _buyItem() function calculates the totalPrice of a transaction based on the _pricePerItem and the _quantity. The contract however, does not implement a zero-quantity check, so users are setting the quantity to 0, and buying anything for totalPrice = 0 pic.twitter.com/iex4lka0EO
— _cry (@cryethereum) March 3, 2022

The marked require statement ensures that the user entered quantity is less than or equal to the amount listed. It does not check that it is not zero! Allowing _quantity to be zero makes the price calculation in _buyItem equal to zero, resulting in zero value transfer in payment.

Founder John Patten promises to make the affected users whole. The hack impact is still ticking up, and it remains to be seen how much he will be on the hook for.

Treasure marketplace is being exploited. Please delist your items. We will cover the costs of the exploit—I will personally give up all of my Smols to repair this.

I cannot fathom what subhuman targets a fair launch marketplace for robbery, but they will not defeat the community
— John Patten (@jpatten__) March 3, 2022

This address seems to be one of the first exploiters. He quickly went on a scooping spree of over 20 txns.

With such a low barrier to entry with this exploit (basically just interacting via Etherscan), many copycats quickly starting exploiting as well. And some dishonest users decided to promote it to their groups…

You backstabbing, repulsive pieces of shit helped promote the mass-exploit of the Treasure marketplace after "partnering" with one of the biggest projects that launched ON THE SAME DAY?

What the fuck is wrong with you…. https://t.co/lvd20Mk1xA pic.twitter.com/XoMOFNDGkw
— Arcanic 🪄✨ (@ArcanicNFT) March 3, 2022

What a mess. It’s a shame, really. The $MAGIC and Treasure ecosystems are a high energy community with an ethos of free mints and value creation. Lively, creative concepts. All now endangered because of a single missing smart contract line.

This article may contain links to third-party websites or other content for information purposes. BowTiedIsland may receive a commission at no cost to you if you purchase a product after clicking one of these links. The Third-Party Sites are not under the control of BowTiedIsland, and BowTiedIsland is not responsible for the content of any Third-Party Site. All information contained herein is the opinion of the writer and does not constitute financial advice. We aim to act as a neutral third party and aid in your research and analysis.

The Jungle

Crypto, Investing, and E-Commerce with BowTied Bull

The future is internet based, therefore we have a triangle based approach with crypto, e-commerce business making and Investing in traditional assets

Learn More

The Culture War with BowTiedRanger

Whether you’re a political junkie or just interested in current events.

You’ve come to the right place for analysis of the most relevant current events and political issues.

Learn More

Fitness With BowTiedOx

BowTiedOx provides you a place to find all of his latest programs and guides.

Weekly newsletters that cover fitness, health, and mindset, all grounded in the fundamentals of physiology.

Learn More

Media Production with BowTied Turkey and BowTied Tamarin

Video is no longer optional.

Don’t get left behind.

Your brand deserves professional videos to engage your audience.

Learn More

Art & Graphic Design with BowTied Patriot

BowTied Patriot is a graphic artist who specializes in photography, mixed medium custom artwork, and NFT creation.

Join BowTiedPatriot as he dives into making Art in Web3.0 and The Metaverse.

Learn More

Cooking with BowTiedOctopod

Learn secrets from a fine dining chef for maximum flavor and time-saving efficiency

Newsletters on Ingredients, Techniques and Flavor hacks that will have you eating better. We will never eat bugs!

Learn More

Meme Warfare with DgenFren

Increase your online engagement, organically influence narratives, and build your online persona by using marketing that your target audience actually wants: memes.

Learn More