MarketNow open-sources its security audit, revealing four critical payment flaws
AI agent marketplace MarketNow published its full security audit two weeks after launch, disclosing four critical vulnerabilities discovered through parallel pentesting. The flaws included a mandate spending bypass that could allow $500 in purchases against a $10 cap, a transaction hash replay attack enabling unlimited free licenses, an underpayment loophole from a greater-than-or-equal payment check, and a missing sender validation that exposed payments to front-running. All four critical issues have since been patched with fixes including exact payment matching, transaction deduplication, and sender wallet verification. The team acknowledged remaining gaps such as the absence of an independent third-party audit and an in-memory rate limiter that is not globally enforced, with fixes for both items listed on the roadmap.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
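A minimal sketch of the three fixes named in the summary above (exact payment matching, transaction deduplication, sender wallet verification). It is an added illustration, not MarketNow's code; the `OnChainTx` shape, the `PaymentVerifier` class and all wallet and hash values are constructed assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class OnChainTx:
    """Constructed shape of a confirmed transfer (assumption, not a real API)."""
    tx_hash: str
    sender: str
    amount: Decimal


class PaymentVerifier:
    """Decides whether a submitted transaction may unlock one license."""

    def __init__(self):
        # In-memory for the example only. With more than one server process
        # this must be a shared store with a unique constraint on the hash,
        # otherwise the deduplication is not globally enforced.
        self._seen_hashes = set()

    def verify(self, tx, expected_sender, price):
        """Return (ok, reason); issue the license only when ok is True."""
        # Sender wallet verification: the payment must come from the wallet
        # tied to this order, not from any transfer someone observed.
        if tx.sender.lower() != expected_sender.lower():
            return False, "sender mismatch"
        # Exact payment matching: anything other than the listed price fails.
        if tx.amount != price:
            return False, "amount mismatch"
        # Transaction deduplication: one hash redeems at most one license.
        key = tx.tx_hash.lower()
        if key in self._seen_hashes:
            return False, "replayed tx hash"
        self._seen_hashes.add(key)
        return True, "ok"


if __name__ == "__main__":
    v = PaymentVerifier()
    price = Decimal("10.00")
    paid = OnChainTx("0xaaa1", "0xBuyer", Decimal("10.00"))  # constructed sample
    print(v.verify(paid, "0xBuyer", price))   # accepted
    print(v.verify(paid, "0xBuyer", price))   # same hash submitted again
```

Rejected submissions do not consume the hash, so a buyer whose first attempt failed on a typo in the order can still redeem the same valid payment.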