CVE-2020-19767

HIGH

zeroxracer 1.0 - Token Theft via destroycontract() Address Verification Bypass

Title source: llm

Description

A lack of target address verification in the destroycontract() function of 0xRACER 1.0 allows attackers to steal tokens from victim users via a crafted script.

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/OSUPlayer/CVEs/blob/master/Suicidal/2019-07-09-03.md

View Exploit ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0114

EPSS Percentile 62.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published

Products (1)

zeroxracer_project/zeroxracer 1.0

Published Sep 07, 2021

Tracked Since Feb 18, 2026