3 matches found
Upgraded Q -> 2 from #245 [1683017351880]
Judge has assessed an item in Issue 245 as 2 risk. The relevant finding follows: L-05 PrivatePoolMetadata.tokenURI is not compliant with EIP721 It implements PrivatePoolMetadata.tokenURI , a function overriding ERC721's tokenURI. This function returns the metadata URI of the provided token ID The...
Wrong implemention of ERC721TokenReceiver interface leads to incorrect collateral ownership and NFT loss
Lines of code Vulnerability details Impact To add a collateral, one could send the NFT directly to the contract, onERC721Received is called then to handle adding the collateral to the vault. However, if the user sends the NFT via an operator then the ownership of the collateral will be assigned t...
Merkle Tree criteria can be resolved by wrong tokenIDs
Lines of code Vulnerability details Impact The protocol allows specifying several tokenIds to accept for a single offer. A merkle tree is created out of these tokenIds and the root is stored as the identifierOrCriteria for the item. The fulfiller then submits the actual tokenId and a proof that...