Andy Kutruff's Blog.

Tech things.

Cover Image for Solana NFT Theft via Metaplex Auction Persistent Sale Agreement Exploit.

On July 7th, 2022, I found and reported a security flaw in the Metaplex Auction House Program that allowed an attacker to trick a victim into selling their NFT at a fraction of the currently auctioned value, effectively stealing the NFT.

Andy Kutruff
Andy Kutruff

More Stories

Cover Image for Solana Metaplex Auction House Account Poisoning Exploit.

Solana Metaplex Auction House Account Poisoning Exploit.

On July 7th, 2022, I found and reported a bug in the Metaplex Auction House Program that allowed an attacker to create an unauthorized auction house for any wallet address, including existing NFT marketplaces and inject their own accounts as the withdrawal account to potentially steal fees.

Andy Kutruff
Andy Kutruff
Cover Image for Solana Metaplex Token Entangler Smart Contract Exploit.

Solana Metaplex Token Entangler Smart Contract Exploit.

On June 26, 2022, I found and reported a bug in the Metaplex Token Entangler that allowed an attacker to lock-up a token permanently with a malicious token swap.

Andy Kutruff
Andy Kutruff
Cover Image for Hello world.

Hello world.

Started this blog today.

Andy Kutruff
Andy Kutruff