safeTransfer denial of service in claimAuction function #1075
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-739
edited-by-warden
partial-50
Incomplete articulation of vulnerability; eligible for partial credit only (50%)
Lines of code
https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/AuctionDemo.sol#L112
Vulnerability details
Impact
A malicious receiver can forcibly revert the transaction by reverting inside onERC721Received() or by burning all the forwarded gas in a loop. The protocol should not assume that safeTransferFrom to an arbitrary address will succeed.
Proof of Concept
A user can forcibly revert the safeTransferFrom call:
This may only cost that user the NFT they won in the auction, but it also creates a denial-of-service condition: none of the remaining bidders can withdraw the funds stuck in the contract, because there is no other function they can use to get their bids back AFTER getAuctionEndTime:
Tools Used
Manual review
Recommended Mitigation Steps
Implement pull over push.
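As an added illustration (not code from the NextGen repository or from this report), the hypothetical contracts below show the two shapes side by side: the push pattern the finding describes, where NFT delivery and every refund happen inside one loop so a single reverting recipient blocks all of them, and the pull pattern recommended above, where settlement only records entitlements and each party withdraws in its own transaction. The contract, interface and function names, the storage layout and the openAuction/bid helpers are assumptions for illustration and do not mirror AuctionDemo.sol; access control on openAuction is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-721 surface used below (assumed for the example, not the project's interface).
interface IERC721Minimal {
    function safeTransferFrom(address from, address to, uint256 tokenId) external;
}

// Shared bid bookkeeping (hypothetical layout, not AuctionDemo.sol's).
abstract contract AuctionBase {
    struct Bid { address bidder; uint256 amount; }

    IERC721Minimal public immutable nft;
    mapping(uint256 => Bid[]) internal bids;     // tokenId => every bid placed
    mapping(uint256 => uint256) public endTime;  // tokenId => end timestamp
    mapping(uint256 => bool) public settled;

    constructor(IERC721Minimal _nft) { nft = _nft; }

    // Access control omitted; the contract is assumed to already hold tokenId.
    function openAuction(uint256 tokenId, uint256 duration) external {
        require(endTime[tokenId] == 0, "already open");
        endTime[tokenId] = block.timestamp + duration;
    }

    function bid(uint256 tokenId) external payable {
        require(block.timestamp < endTime[tokenId], "auction over");
        bids[tokenId].push(Bid(msg.sender, msg.value));
    }

    // Index of the highest bid; ties go to the earliest one.
    function _winningBid(uint256 tokenId) internal view returns (uint256 idx) {
        Bid[] storage b = bids[tokenId];
        require(b.length > 0, "no bids");
        for (uint256 i = 1; i < b.length; i++) {
            if (b[i].amount > b[idx].amount) idx = i;
        }
    }
}

// PUSH: the shape the finding describes. One loop hands out the NFT and
// every refund, so any single reverting recipient reverts all of them.
contract PushAuction is AuctionBase {
    constructor(IERC721Minimal _nft) AuctionBase(_nft) {}

    function claimAuction(uint256 tokenId) external {
        require(block.timestamp >= endTime[tokenId], "auction not over");
        require(!settled[tokenId], "already settled");
        settled[tokenId] = true;
        Bid[] storage b = bids[tokenId];
        uint256 win = _winningBid(tokenId);
        for (uint256 i = 0; i < b.length; i++) {
            if (i == win) {
                // Calls onERC721Received on a contract winner; a revert or a
                // gas-burning loop there undoes this whole transaction.
                nft.safeTransferFrom(address(this), b[i].bidder, tokenId);
            } else {
                // Likewise a losing bidder whose receive() reverts blocks everyone.
                (bool ok, ) = b[i].bidder.call{value: b[i].amount}("");
                require(ok, "refund failed");
            }
        }
    }
}

// PULL: settlement only records who is owed what. Every external call is
// made later, by the party that benefits from it, in its own transaction.
contract PullAuction is AuctionBase {
    mapping(uint256 => address) public winnerOf;  // tokenId => unclaimed winner
    mapping(address => uint256) public refunds;   // bidder => withdrawable wei

    constructor(IERC721Minimal _nft) AuctionBase(_nft) {}

    function settleAuction(uint256 tokenId) external {
        require(block.timestamp >= endTime[tokenId], "auction not over");
        require(!settled[tokenId], "already settled");
        settled[tokenId] = true;
        Bid[] storage b = bids[tokenId];
        uint256 win = _winningBid(tokenId);
        winnerOf[tokenId] = b[win].bidder;
        for (uint256 i = 0; i < b.length; i++) {
            if (i != win) refunds[b[i].bidder] += b[i].amount;
        }
        // No external calls here, so no bidder can make settlement revert.
    }

    function claimNFT(uint256 tokenId) external {
        require(winnerOf[tokenId] == msg.sender, "not the winner");
        delete winnerOf[tokenId];                  // effects before interaction
        nft.safeTransferFrom(address(this), msg.sender, tokenId);
    }

    function withdrawRefund() external {
        uint256 amount = refunds[msg.sender];
        require(amount > 0, "nothing to withdraw");
        refunds[msg.sender] = 0;                   // zero before the call (reentrancy)
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

In PullAuction a winner whose onERC721Received reverts only blocks their own claimNFT call; every losing bidder's refund is already credited in refunds and can be withdrawn independently. The settlement loop still grows with the number of bids, but it makes no external calls, so its cost is bounded by the contract's own bookkeeping rather than by any bidder's code.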
Assessed type
DoS