Delegate - gkrastenov's results

Securing onchain identities by linking cold and hot wallets

General Information

Platform: Code4rena

Start Date: 05/09/2023

Pot Size: $50,000 USDC

Total HM: 2

Participants: 16

Period: 6 days

Judge: GalloDaSballo

Total Solo HM: 2

Id: 284

League: ETH

Delegate

Researcher Performance

Rank: 16/16

Findings: 1

Award: $40.13

QA: grade-b

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: DadeKuma

Also found by: Brenzee, Fulum, gkrastenov, kodyvim, ladboy233, lodelux, lsaudit, p0wd3r, sces60107

Labels

bug
grade-b
QA (Quality Assurance)
Q-01

Awards

40.1294 USDC - $40.13

Low

[L-01] flashloan function works with expired token

Impact

Tokens that have already expired should be used in the flashloan function. An already expired token should only be withdrawn and extended by the principal token owner. Delegate token owners or approved operators should not have the possibility to borrow their underlying tokens for the duration of a single atomic transaction because their rights for the token have expired.

[L-02] Expired token can be approved and transferred

Impact

It is possible to approve a token that has already expired, or to use transferFrom to transfer it to another address. An expired token should only be withdrawn and extended by the principal token owner.

Recommendation

Add an additional check to determine if the token is expired.

Non-critical

[NC-01] Redundant if condition

Impact

The if condition

    if (underlyingAmount != 0) { //@audit nc: this is useless for erc721
        revert Errors.WrongAmountForType(IDelegateRegistry.DelegationType.ERC721, underlyingAmount);
    }

is redundant in the checkERC721BeforePull function. In this function, underlyingAmount will always be different from 0 and even if it is equal to 0, it will not affect other parts of the codebase.

[NC-02] Possible approving to zero address and msg.sender

Impact

It is possible to approve the address(0) or the msg.sender in the setApprovalForAll function.
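
The expiry check recommended in L-02, applied to the entry points named in L-01 and L-02, as an added example that is not part of the submission or of the audited code base. The contract name, storage layout, errors and the IFlashReceiver interface are hypothetical; only the function names approve, transferFrom and flashloan come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
interface IFlashReceiver { function onFlashloan(uint256 id) external; }
// Hypothetical sketch: names and storage layout are assumptions, not the audited code.
contract ExpiringRightsSketch {
    error RightsExpired(uint256 id, uint256 expiredAt);
    error NotYetExpired(uint256 id, uint256 expiresAt);
    error NotAuthorized(address caller);

    mapping(uint256 => address) public rightsHolder;    // delegate-side owner
    mapping(uint256 => address) public principalHolder; // principal-side owner
    mapping(uint256 => address) public approved;        // single-token operator
    mapping(uint256 => uint256) public expiry;          // unix timestamp, 0 = unused id

    // The added check: every rights-side entry point rejects a lapsed token.
    modifier live(uint256 id) {
        if (block.timestamp >= expiry[id]) revert RightsExpired(id, expiry[id]);
        _;
    }

    modifier holderOrApproved(uint256 id) {
        if (msg.sender != rightsHolder[id] && msg.sender != approved[id]) revert NotAuthorized(msg.sender);
        _;
    }

    function create(uint256 id, address principal, uint256 expiresAt) external {
        require(expiry[id] == 0 && expiresAt > block.timestamp, "bad id or expiry");
        rightsHolder[id] = msg.sender; principalHolder[id] = principal; expiry[id] = expiresAt;
    }

    function approve(address to, uint256 id) external live(id) {
        if (msg.sender != rightsHolder[id]) revert NotAuthorized(msg.sender);
        approved[id] = to;
    }
    function transferFrom(address from, address to, uint256 id) external live(id) holderOrApproved(id) {
        if (from != rightsHolder[id]) revert NotAuthorized(from);
        rightsHolder[id] = to; delete approved[id];
    }

    function flashloan(IFlashReceiver receiver, uint256 id) external live(id) holderOrApproved(id) {
        receiver.onFlashloan(id); // asset hand-off and return check omitted in this sketch
    }

    function withdraw(uint256 id) external { // principal side only, and only once expired
        if (msg.sender != principalHolder[id]) revert NotAuthorized(msg.sender);
        if (block.timestamp < expiry[id]) revert NotYetExpired(id, expiry[id]);
        delete rightsHolder[id]; delete approved[id]; delete expiry[id]; delete principalHolder[id];
    }
}
```

Placing the timestamp comparison in a modifier keeps the rule in one place, so a rights-side function added later cannot omit it without the omission being visible in its signature.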

#0 - GalloDaSballo

2023-09-24T17:47:45Z

L-1 L

L-2 L

NC-1 NC

NC-2 OOS

#1 - GalloDaSballo

2023-10-02T08:19:37Z

1L + 3 from dups

3L +3

#2 - c4-judge

2023-10-02T09:15:44Z

GalloDaSballo marked the issue as grade-b
