Usage of Safe wallet can lead to permanent DoS of an auction, losing all funds of participants #1071
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
duplicate-739
partial-50
Incomplete articulation of vulnerability; eligible for partial credit only (50%)
Lines of code
https://github.com/code-423n4/2023-10-nextgen/blob/main/smart-contracts/AuctionDemo.sol#L112
Vulnerability details
Background
The Sponsor stated in the README.md of this contest:
However, any function that ends up using
.safeTransferFrom
to send anERC721
token will not always work with Safe wallets because not all Safe wallets will have afallbackManager
implemented due to various (security) reasons. ThefallbackManager
ensures that a Safe wallet is able to receiveERC721
tokens by implementing onERC721Received.Since in this project,
safeTransferFrom
is used to transfer theERC721
, this transfer will revert with the following error code:What for impact does this have?
Consider the following:
AuctionDemo.claimAuction
to distribute the NFT.ERC721TokenReceiver
.cancelBid
because the auction has ended.Tools used
Manual review.
Recommended mitigation
For the exact scenario described above, split the refund mechanism into a different function that is not at mercy of the
ERC721.safeTransferFrom()
function succeeding, which people can call after the auction has ended.Assessed type
Other
The text was updated successfully, but these errors were encountered: