// Educational Purposes Only!

solidity
pragma solidity ^0.5.0;

/// @title NFT
/// @notice Declaration-only token contract: every function below ends in `;` and has no body,
///         so all behaviour, including access control, lives in an implementation that is
///         not part of this listing.
/// @dev NOTE(review): the signatures are close to, but not the same as, ERC-721 (which has no
///      `transfer`/`safeTransfer`, returns nothing from `safeTransferFrom`, and indexes
///      `tokenId` in both events). Confirm which interface callers actually expect.
contract NFT {
    /// @notice Presumably moves `tokenId` to `to` on behalf of the caller; no body is given here.
    /// @return success Declared boolean result; its meaning is set by the implementation.
    function transfer(address to, uint256 tokenId) public returns (bool success);
    /// @notice Declared with the same parameters and return type as `transfer`.
    /// @dev NOTE(review): how it differs from `transfer` cannot be told from the signature.
    function safeTransfer(address to, uint256 tokenId) public returns (bool success);
    /// @notice Presumably moves `tokenId` from `from` to `to`.
    /// @dev Security-relevant: this is `public` and takes a caller-supplied `from`, so the
    ///      implementation has to verify that msg.sender is the owner or an approved address.
    ///      That check is not visible in this listing.
    function safeTransferFrom(address from, address to, uint256 tokenId) public returns (bool success);
    /// @notice Read-only lookup declared to return an address for `tokenId` (named `owner`).
    function ownerOf(uint256 tokenId) public view returns (address owner);
    /// @notice Read-only lookup declared to return an address for `tokenId` (named `operator`).
    /// @dev NOTE(review): a single address per token; no operator-for-all lookup is declared.
    function getApproved(uint256 tokenId) public view returns (address operator);
    /// @dev `from` and `to` are indexed, `tokenId` is not, so logs cannot be filtered by token id.
    event Transfer(address indexed from, address indexed to, uint256 tokenId);
    /// @dev `owner` and `operator` are indexed, `tokenId` is not.
    event Approval(address indexed owner, address indexed operator, uint256 tokenId);
}


This contract is vulnerable to the following attack:

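An attacker can steal NFTs from the owner by sending a transaction to the smart contract. The listing below, taken alone, only lets the token's owner or its approved address through, so the theft depends on code that is not shown: `safeTransferFrom` is declared public, and its implementation must repeat the owner/approved check for the guard in `transfer` to mean anything. The function in question: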

solidity

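/// @notice Moves `tokenId` to `to` when the caller is the token's owner or its approved address.
/// @dev The check below covers only calls that enter through this function. `safeTransferFrom`
///      is declared `public` and its body is not part of this listing, so it must enforce the
///      same owner/approved rule itself; this guard alone does not protect the token.
/// @param to Recipient of the token. Not validated here; presumably checked by
///        `safeTransferFrom` (TODO confirm, including the zero address).
/// @param tokenId Identifier of the token to move.
/// @return success False when the caller is neither owner nor approved; otherwise the value
///         reported by `safeTransferFrom`.
function transfer(address to, uint256 tokenId) public returns (bool success) {
    // Declared as locals: the listing declares no `owner` or `approved` variable anywhere,
    // so bare assignments to those names would not compile.
    address tokenOwner = ownerOf(tokenId);
    address approvedOperator = getApproved(tokenId);

    // Reject callers that are neither the owner nor the approved address.
    if (msg.sender != tokenOwner && msg.sender != approvedOperator) {
        return false;
    }

    // Both authorized cases perform the same call. Its result is propagated so that a
    // failed transfer is not reported to the caller as a success.
    return safeTransferFrom(tokenOwner, to, tokenId);
}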

// Fuck OpenSea and fuck ETH - Where the fuck is 2.0? This is hundreds of billions in USD we're talking about here that can and will get fucked