ERC721 callback not called when sending token to user. #161
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate
This issue or pull request already exists
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Comments
code423n4
added
2 (Med Risk)
outdoteth
added
the
sponsor confirmed
|
use safeTransferFrom to prevent stuck NFTs: #38 |
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Lines of code
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L295
Vulnerability details
Impact
NFT can get trapped in user contract because of some mistakes.
Proof of Concept
In
exercisefunction, when the contract is transferring NFT to user contract, it usetransferFrominstead ofsafeTransferFromwhich skips the check of receiver contract is willing to receive NFT. This might lead to NFT permanently locked in a contract.There has been debates about whether to use transferFrom or safeTransferFrom, but I personally think it's always better to use
safeTransferFrom: if the user use a contract wallet without the receiving callback, he can always transfer the optionToken to another EOA address and exercise; But, if there's a mistake and a contract accidentally receive and NFT, it will get locked forever.Recommended Mitigation Steps
consider using safeTransferFrom (and safeMint), otherwise explicitly state it somewhere in the code or document that it doesn't fully complied with ERC721.
The text was updated successfully, but these errors were encountered: