Platform: Code4rena
Start Date: 30/03/2022
Pot Size: $30,000 USDC
Total HM: 21
Participants: 38
Period: 3 days
Judge: Michael De Luca
Total Solo HM: 10
Id: 104
League: ETH
Rank: 23/38
Findings: 1
Award: $203.72
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: hickuphh3
Also found by: 0xDjango, kirk-baird, leastwood, m9800, minhquanym, pedroais
203.7202 USDC - $203.72
https://github.com/code-423n4/2022-03-joyn/blob/c9297ccd925ebb2c44dbc6eaa3effd8db5d2368a/core-contracts/contracts/CoreCollection.sol#L139
https://github.com/code-423n4/2022-03-joyn/blob/c9297ccd925ebb2c44dbc6eaa3effd8db5d2368a/core-contracts/contracts/CoreCollection.sol#L162
https://github.com/code-423n4/2022-03-joyn/blob/c9297ccd925ebb2c44dbc6eaa3effd8db5d2368a/core-contracts/contracts/ERC721Payable.sol#L54
A user can mint tokens even if the payment doesn't succeed.
The ERC721Payable contract uses an ERC20 token to handle payments. When it handles a user's payment, it calls transferFrom on the ERC20 payableToken variable and doesn't check whether transferFrom succeeded. There is no assurance that transferFrom reverts when the operation fails; that depends on each token's implementation.
Check that transferFrom succeeds before continuing.
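The unchecked pattern described above next to the checked one, as an added example that is not the Joyn code or part of the original finding. PaidMintExample, FalseReturningToken, mintUnchecked, mintChecked and the minted counter are hypothetical names; only payableToken and transferFrom come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Minimal ERC20 surface needed for the example.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Constructed token that signals failure by returning false instead of reverting.
// Allowances are left out to keep the example short.
contract FalseReturningToken is IERC20 {
    mapping(address => uint256) public balanceOf;

    function transferFrom(address from, address to, uint256 amount) external override returns (bool) {
        if (balanceOf[from] < amount) return false; // no revert on failure
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical paid-mint contract; the minted counter stands in for the real NFT mint.
contract PaidMintExample {
    IERC20 public immutable payableToken;
    uint256 public immutable price;
    mapping(address => uint256) public minted;

    constructor(IERC20 token_, uint256 price_) {
        payableToken = token_;
        price = price_;
    }

    // Unchecked: the return value is discarded, so a false return still records the mint.
    function mintUnchecked(uint256 amount) external {
        payableToken.transferFrom(msg.sender, address(this), price * amount);
        minted[msg.sender] += amount;
    }

    // Checked: a false return reverts the whole call before any mint is recorded.
    function mintChecked(uint256 amount) external {
        bool ok = payableToken.transferFrom(msg.sender, address(this), price * amount);
        require(ok, "payment failed");
        minted[msg.sender] += amount;
    }
}
```

The require form reverts on tokens whose transferFrom returns no value at all, because the bool cannot be decoded. OpenZeppelin's SafeERC20.safeTransferFrom accepts both token styles and reverts on a false return.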
#0 - sofianeOuafir
2022-04-14T18:59:38Z
In my opinion, the severity level should be 3 (High Risk) instead of 2 (Med Risk).
Duplicate of #52