Upgraded Q -> M from 119 [1654475092615] #340
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate
This issue or pull request already exists
upgraded by judge
Comments
code423n4
added
2 (Med Risk)
code423n4
added a commit
that referenced
this issue
Jun 6, 2022
|
Dupe of #38 |
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Judge has assessed an item in Issue #119 as Medium risk. The relevant finding follows:
Checking whether the receiver is capable of holding ERC721
The contract usessafeTransfer() for ERC20 but uses transferFrom() for ERC721 in both exercise() and withdraw() which may lead to the loss of ERC721 if the receiving contract does not have onERC721Received(). To prevent this unintended circumstance, the contract should replace this function with safeTransferFrom() for ERC721 to check whether the receiving contract is IERC721Receiver.
The text was updated successfully, but these errors were encountered: