code423n4 / Code4rena / CODE423N4:2021-05-VISORFINANCE-FINDINGS-ISSUES-20
History: May 17, 2021 - 12:00 a.m.

nftApprovals not reset in transferERC721

Handle

gpersoon

Vulnerability details

Impact

The function transferERC721 checks nftApprovals, but it never resets the value of nftApprovals.
This means that if the NFT ends up in the contract again in the future, it could be transferred again without an explicit approval.

Proof of Concept

    function transferERC721(
        address to,
        address nftContract,
        uint256 tokenId
    ) external {
        if (msg.sender != _getOwner()) {
            // The approval is checked here but never cleared afterwards.
            require(nftApprovals[keccak256(abi.encodePacked(msg.sender, nftContract, tokenId))], "NFT not approved for transfer");
        }
        …
        _removeNft(nftContract, tokenId);
        IERC721(nftContract).safeTransferFrom(address(this), to, tokenId);
    }

Tools Used

Editor

Recommended Mitigation Steps

Set nftApprovals[keccak256(abi.encodePacked(msg.sender, nftContract, tokenId))] = 0
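
The mitigation above as a compilable sketch. This is an added example, not code from the finding or from the Visor contracts. The contract name VaultSketch, the owner variable, the _key helper and the approveTransferERC721 setter are assumptions made for illustration. Because the require shown in the Proof of Concept reads the mapping value as a boolean, the sketch clears it with delete, which resets the flag to false.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC-721 surface needed by this sketch.
interface IERC721 {
    function safeTransferFrom(address from, address to, uint256 tokenId) external;
}

// Hypothetical vault (assumption): only the approval logic is modelled,
// NFT bookkeeping such as _removeNft is left out.
contract VaultSketch {
    address public immutable owner;

    // Approval flag keyed by keccak256(delegate, nftContract, tokenId).
    mapping(bytes32 => bool) public nftApprovals;

    constructor() {
        owner = msg.sender;
    }

    // Hypothetical helper: same key derivation as the snippet in the finding.
    function _key(address delegate, address nftContract, uint256 tokenId)
        internal
        pure
        returns (bytes32)
    {
        return keccak256(abi.encodePacked(delegate, nftContract, tokenId));
    }

    // Assumed owner-only setter; the finding does not show how approvals are granted.
    function approveTransferERC721(address delegate, address nftContract, uint256 tokenId) external {
        require(msg.sender == owner, "not owner");
        nftApprovals[_key(delegate, nftContract, tokenId)] = true;
    }

    function transferERC721(address to, address nftContract, uint256 tokenId) external {
        if (msg.sender != owner) {
            bytes32 key = _key(msg.sender, nftContract, tokenId);
            require(nftApprovals[key], "NFT not approved for transfer");
            // Clear the approval before the external call (checks-effects-interactions)
            // so each approval authorizes exactly one transfer.
            delete nftApprovals[key];
        }
        IERC721(nftContract).safeTransferFrom(address(this), to, tokenId);
    }
}
```

With this change, a delegate whose approval has been used must be approved again by the owner if the same token later returns to the vault.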

