Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Using transferFrom on ERC721 tokens transfer #97

Closed
code423n4 opened this issue May 12, 2022 · 1 comment
Closed

Using transferFrom on ERC721 tokens transfer #97

code423n4 opened this issue May 12, 2022 · 1 comment
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working duplicate This issue or pull request already exists sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")

Comments

@code423n4
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L295
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L344

Vulnerability details

Impact

  • In the function Cally.exercise() and Cally.withdraw(), ERC721 token is sent to msg.sender and the transferFrom keyword is used instead of safeTransferFrom. If msg.sender is a contract and is not aware of incoming ERC721 tokens, the sent tokens could be locked forever

Proof of Concept

Recommended Mitigation Steps

  • Consider changing transferFrom to safeTransferFrom.
@code423n4 code423n4 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels May 12, 2022
code423n4 added a commit that referenced this issue May 12, 2022
@code423n4
minhquanym issue #97
55ee900
@outdoteth outdoteth added the sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") label May 15, 2022
@outdoteth
Copy link
Collaborator

use safeTransferFrom to prevent stuck NFTs: #38

@outdoteth outdoteth added the duplicate This issue or pull request already exists label May 15, 2022
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working duplicate This issue or pull request already exists sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@outdoteth @code423n4