TechFlow news, April 8 — According to Certik's social media post, it has detected a vulnerability exploitation incident involving flash loans and an NFT marketplace. The attacker exploited a combination of zero-fee flash loans and delegatecall functionality in the NFT marketplace, primarily targeting vulnerabilities in the makeOffer and acceptOffer functions.
After obtaining liquidity via flash loans, the attacker manipulated the NFT pricing logic and completed the attack by executing operations such as makeOffer, acceptOffer, and transferFrom. Although no direct financial loss occurred, the trading logic of the NFT marketplace was compromised.
Certik advises projects implementing delegated offer logic to immediately review their access control and validation mechanisms.




