We discovered a major vulnerabilitty in Polkapets NFT smart contract that enabled us to burn their entire collection. This was done by analysing their code and we noticed they had not protected the burn function in the code. Here is a link to the rinkby testnet where we deployed their smart contract to test:
As you can see we successfully were able to burn and batch burn any of their NFTs. At the time of this finding, Polkapets were trading over $1m.