MarketNow open-sources security audit revealing four critical payment vulnerabilities
AI agent marketplace MarketNow conducted four parallel security audits two weeks after its launch, uncovering four critical vulnerabilities in its USDC payment system on the Base blockchain. The flaws included a mandate spending bypass that could allow $500 in purchases against a $10 cap, a transaction hash reuse exploit enabling unlimited free licenses, an underpayment loophole from a range-check error, and a missing sender-verification bug that allowed transaction hijacking. All four critical issues have since been patched with fixes including fail-closed license issuance, exact payment matching, transaction deduplication, and wallet address validation. Several medium-severity issues were also resolved, such as open CORS policies, exposed user emails in an API, and weak default secrets. The team acknowledged remaining gaps including the absence of an independent third-party audit and a per-instance rather than global rate limiter, both flagged on their public roadmap.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
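The four fixes named in the summary (fail-closed issuance, exact payment matching, transaction deduplication, sender validation) can be sketched as one verification routine. This is an added example, not MarketNow's code: `Transfer`, `Mandate`, `PaymentVerifier`, the recipient check, the cumulative-cap model and the sample ledger are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Transfer:                      # constructed stand-in for a decoded USDC transfer
    tx_hash: str
    sender: str
    recipient: str
    amount: Decimal

@dataclass
class Mandate:                       # hypothetical mandate: wallet, cap, running total
    wallet: str
    cap: Decimal
    spent: Decimal = Decimal("0")

class PaymentVerifier:
    def __init__(self, merchant, lookup):
        self.merchant = merchant.lower()
        self.lookup = lookup         # callable: tx_hash -> Transfer or None, may raise
        self.used = set()            # per-process only; needs a shared unique index in production

    def issue_license(self, tx_hash, buyer, price, mandate):
        # Returns (True, "ok") only if every check passes; any doubt denies.
        try:
            t = self.lookup(tx_hash)
        except Exception:
            return False, "lookup-error"          # fail closed on verifier errors
        if t is None:
            return False, "unknown-tx"
        key, who = tx_hash.lower(), buyer.lower()
        if key in self.used:
            return False, "tx-reused"             # one transaction, one license
        if t.recipient.lower() != self.merchant:
            return False, "wrong-recipient"       # added assumption, not from the page
        if t.sender.lower() != who or mandate.wallet.lower() != who:
            return False, "sender-mismatch"       # payer must be the claiming wallet
        if t.amount != price:
            return False, "amount-mismatch"       # exact match, no tolerance range
        if mandate.spent + price > mandate.cap:
            return False, "mandate-exceeded"      # cap applies to the running total
        self.used.add(key)
        mandate.spent += price
        return True, "ok"

# Constructed sample ledger (not real transactions).
LEDGER = {h: Transfer(h, s, "0xShop", Decimal(a)) for h, s, a in [
    ("0xaa", "0xBuyer", "5"), ("0xbb", "0xOther", "5"),
    ("0xcc", "0xBuyer", "4.99"), ("0xdd", "0xBuyer", "5"), ("0xee", "0xBuyer", "5")]}
def demo():                          # replay, hijack, underpay and over-cap attempts
    v, m = PaymentVerifier("0xShop", LEDGER.get), Mandate("0xBuyer", Decimal("10"))
    return [v.issue_license(h, "0xBuyer", Decimal("5"), m)[1]
            for h in ("0xaa", "0xaa", "0xbb", "0xcc", "0xdd", "0xee")]
```

The in-memory `used` set has the same limitation the summary notes for the rate limiter: it is per-instance, so a multi-instance deployment needs the deduplication enforced in shared storage.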