8 matches found
Attacker can steal CrossDomainMessenger and OptimismPortal token balances or tokens of anyone give approval for those contracts
Lines of code Vulnerability details Impact Contracts CrossDomainMessenger and OptimismPortal are part of the bridge protocol and they are responsible for sending messages between two network. they both call arbitrary address with arbitrary data that user specified and it would give attacker to...
MintableIncentivizedERC721 incorrectly implements safe transfers
Lines of code Vulnerability details Impact MintableIncentivizedERC721 incorrectly implements safeTransfer and safeTransferFrom by simply replicating the unsafe transfer/transferFrom function. Raising as medium because as a consequence of this, these ERC721 tokens may end up locked in contracts th...
Upgraded Q -> M from 207 [1666364300864]
Judge has assessed an item in Issue 207 as Medium risk. The relevant finding follows: L-03 Use safeTransferFrom for ERC721 tokens Description As OpenZeppelin recommends, the transferFrom function should not be used for transferring ERC721 NFT tokens and instead the safeTransferFrom function shoul...
Upgraded Q -> M from 400 [1666366553858]
Judge has assessed an item in Issue 400 as Medium risk. The relevant finding follows: Use safeTransferFrom instead of transferFrom transferFrom can be replaced with safeTransferFrom as it makes sure that the receiver can handle ERC721 tokens and prevents it from being stuck in the contracts Refer...
Upgraded Q -> M from 119 [1654475092615]
Judge has assessed an item in Issue 119 as Medium risk. The relevant finding follows: Checking whether the receiver is capable of holding ERC721 The contract usessafeTransfer for ERC20 but uses transferFrom for ERC721 in both exercise and withdraw which may lead to the loss of ERC721 if the...
Using transferFrom on ERC721 tokens transfer
Lines of code Vulnerability details Impact In the function closeLoan of contract NFTLoanFacilitator, collateral ERC721 token is sent to sendCollateralTo, the transferFrom keyword is used instead of safeTransferFrom. If any sendCollateralTo is a contract and is not aware of incoming ERC721 tokens,...
use of transferFrom
Lines of code Vulnerability details Impact NFTLoanFaciltator.closeLoan function uses transferFrom to transfer the collateral to "sendCollateralTo" address and if the contract and is not aware of incoming ERC721 tokens, the sent tokens could be locked forever Proof of Concept Tools Used Manual...
Using transferFrom on ERC721 tokens
Handle shw Vulnerability details Impact In the function awardExternalERC721 of contract PrizePool, when awarding external ERC721 tokens to the winners, the transferFrom keyword is used instead of safeTransferFrom. If any winner is a contract and is not aware of incoming ERC721 tokens, the sent...