We discovered a major vulnerabilitty in Polkapets NFT smart contract that enabled us to burn their entire collection. This was done by analysing their code and we noticed they had not protected the burn function in the code. Here is a link to the rinkby testnet where we deployed their smart contract to test:

https://rinkeby.etherscan.io/address/0x3b75ead423b9c6b868b2baea73f9e660573b0111

As you can see we successfully were able to burn and batch burn any of their NFTs. At the time of this finding, Polkapets were trading over $1m.