Platform: Code4rena
Start Date: 27/04/2022
Pot Size: $50,000 MIM
Total HM: 6
Participants: 59
Period: 5 days
Judge: 0xean
Id: 113
League: ETH
Rank: 41/59
Findings: 1
Award: $72.64
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1337, 0x1f8b, 0xDjango, 0xf15ers, AuditsAreUS, BowTiedWardens, CertoraInc, Funen, GimelSec, MaratCerby, Ruhum, WatchPug, antonttc, berndartmueller, bobi, bobirichman, broccolirob, catchup, cccz, defsec, delfin454000, gs8nrv, gzeon, horsefacts, hubble, hyh, ilan, jah, joestakey, kebabsec, kenta, kenzo, m9800, mics, oyc_109, pauliax, reassor, robee, samruna, sikorico, simon135, throttle, unforgiven, z3s
72.6404 MIM - $72.64
https://github.com/code-423n4/2022-04-abranft/blob/5cd4edc3298c05748e952f8a8c93e42f930a78c2/contracts/NFTPair.sol#L266 https://github.com/code-423n4/2022-04-abranft/blob/5cd4edc3298c05748e952f8a8c93e42f930a78c2/contracts/NFTPairWithOracle.sol#L295
using ERC721.transferFrom is not safe as the recipient can not be a valid ERC721 receiver contract, hence the token can be lost. safeTransferFrom should be used instead.
NFTPair.removeCollateral line 266
NFTPairWithOracle.removeCollateral line 295
collateral.transferFrom(address(this), to, tokenId) can be called with an invalid to adress.
Manual Inspection with VSCode.
Use safeTransferFrom instead of transferFrom. safeTransferFrom will check that to is a valid ERC721 receive
#0 - cryptolyndon
2022-05-05T23:52:49Z
Duplicate of #20
#1 - 0xean
2022-05-21T14:24:48Z
see #20 - downgrading to QA
#2 - JeeberC4
2022-05-23T19:10:28Z
Preserving original title: Use of unsafe ERC721.transferFrom rather than safeTransferFrom