Use of transferFrom() rather than safeTransferFrom() for NFTs in will lead to the loss of NFTs

Lines of code 230, 342, 514, 536 Vulnerability details The EIP-721 standard says the following about transferFrom: /// @notice Transfer ownership of an NFT -- THE CALLER IS RESPONSIBLE /// TO CONFIRM THAT to IS CAPABLE OF RECEIVING NFTS OR ELSE /// THEY MAY BE PERMANENTLY LOST /// @dev Throws...

Use of transferFrom() rather than safeTransferFrom() for NFTs in will lead to the loss of NFTs

Lines of code 230, 342, 514, 536 Vulnerability details The EIP-721 standard says the following about transferFrom: /// @notice Transfer ownership of an NFT -- THE CALLER IS RESPONSIBLE /// TO CONFIRM THAT to IS CAPABLE OF RECEIVING NFTS OR ELSE /// THEY MAY BE PERMANENTLY LOST /// @dev Throws...

Use of transferFrom() rather than safeTransferFrom() for NFTs in will lead to the loss of NFTs

Lines of code 230, 342, 514, 536 Vulnerability details Impact The EIP-721 standard says the following about transferFrom: /// @notice Transfer ownership of an NFT -- THE CALLER IS RESPONSIBLE /// TO CONFIRM THAT to IS CAPABLE OF RECEIVING NFTS OR ELSE /// THEY MAY BE PERMANENTLY LOST /// @dev...

improper validations result in loss of funds.

Lines of code Vulnerability details Impact due the improper validation on amount , the users can pass Amount as 0 the calculated fee will be 0 and safeTranferFrom will pass. function getNFTMintingPriceuint256 id, uint256 amount public view returns uint256 fee address bondingCurve =...

Multiple instances of reentrancy

Lines of code Vulnerability details Impact This can lead to massive loss of funds and asset in Nextgen. Proof of Concept There are multiple instances of reentrancy in NextGenCore.sol, MinterContract.sol and AuctionMemo.sol. These reentrancy is due to the use of ERC721 safeMint... for token transf...

Tokens having Fee-On-Transfer are not considered which will make the protocol in retaining less value than expected.

Lines of code Vulnerability details Impact The balance of the custodian Addresses will be smaller than what is expected, making the protocol fail to maintain the delta neutral position. Proof of Concept The function EthenaMinting.sol/transferCollateral is sending the tokens using safeTransferFrom...

Missing check to avoid zero transfer revert

Lines of code Vulnerability details Impact Cannot deploy market with originationFeeAmount == 0 for ERC20 asset which reverts on zero amount transfers. Proof of concept In deployMarket the following is executed: if originationFeeAsset != address0 originationFeeAsset.safeTransferFromborrower,...

balance of the recipient to is updated after the token transfer (safeTransferFrom function) could lead to reentrancy attack

Lines of code Vulnerability details Impact The balance of the recipient to is updated after the token transfer safeTransferFrom function. If the safeTransferFrom function triggers an external contract, and that contract, in turn, calls back to this contract, it can result in a reentrancy attack...

Vault funds can be stolen by a malicious Yield Vault.

Lines of code Vulnerability details Impact When a vault is initialized, it sets Max Token Approval for the Yield Vault which allows the Yield Vault to ALWAYS have access to the funds in the vault. Since vaults can be created by anyone as long as they provide an ERC-4626 compliant yield source, an...

LSP8CompatibleERC721._checkOnERC721Received return value is incorrect

Lines of code Vulnerability details Impact Can be transferred to EOA through safeTransferFrom Proof of Concept problematic code call path safeTransferFrom-safeTransfer-checkOnERC721Received safeTransferFrom annotate / @inheritdoc ILSP8CompatibleERC721 @dev Compatible with ERC721 safeTransferFrom...

Using transferFrom on ERC721 tokens transfer

Lines of code Vulnerability details Impact The transferFrom method is used instead of safeTransferFrom which is not recommended. It can result in loss of NFT if the address is not able to handle the received NFT. OpenZeppelin’s documentation discourages the use of transferFrom, use safeTransferFr...

Using transferFrom on ERC20 tokens transfer

Lines of code Vulnerability details Impact The transferFrom method is used instead of safeTransferFrom which is not recommended. OpenZeppelin’s documentation discourages the use of transferFrom, use safeTransferFrom whenever possible Some tokens do not implement the ERC20 standard properly but ar...

NFT withdrawal grief

Lines of code Vulnerability details Impact A lienee whose NFT is not currently on loan may be prevented from withdrawing it. Proof of Concept A lienee who wishes to withdraw his NFT calls withdrawNftWithInterest which tries to IERC721.safeTransferFrom the NFT, which therefore reverts if the NFT i...

Lack of token approval reverts the overall trade

Lines of code Vulnerability details Impact Since the user has not approved the params.collateralAmount, calling the safeTransferFrom function will result in a revert due to the lack of token approval. The Exchange contract not receive any collateralAmount. Proof of Concept...

Incorrect usage of safeTransferFrom() function . This permanently traps ticketPrice in sender address (msg.sender )

Lines of code Vulnerability details Impact Because the callermsg.sender never gives approval for ERC20 transfers, calls to safeTransferFrom on the contract will revert with insufficient approval. This will trap from caller and unable to transfer ticketPrice to Lottery contract address. The root...

Owner unable to withdraw the amount since depositDeadline values already expired

Lines of code Vulnerability details Impact The stakermsg.sender lose his amount permanently once depositDeadline is over Proof of Concept DEPOSIT : function deposituint256 amount external override onlyOwner // slither-disable-next-line timestamp if block.timestamp depositDeadline revert...

Solmate safeTransfer and safeTansferFrom does not check the code size of the token address

Lines of code Vulnerability details Impact The safeTransfer and safeTransferFrom don't check the existence of code at the token address. This is a known issue while using solmate's libraries. Hence this may lead to miscalculation of funds and may lead to loss of funds, because if safeTransfer and...

Solmate's safeTransfer can result in failed transfer with low level call and won't revert as it does not check the codesize of to address, which may lead to loss of funds

Lines of code Vulnerability details The following contract use solmate's SafeTransferLib : solmate/utils/SafeTransferLib.sol Solmate's safeTransfer / safeTransferFrom uses inline assembly call to transfer ether from contract to receiver. According to Solidity Docs the call may return true even if...

settleAuction() Check for status errors

Lines of code Vulnerability details Impact ClearingHouse.safeTransferFrom to execute successfully even if there is no bid Proof of Concept settleAuction is called at the end of the auction and will check if the status is legal function settleAuctionuint256 collateralId public if...

Proper use of dependecy

Lines of code Vulnerability details Impact Using safeTransferFrom of solmate. There is no checking the token address is exist Proof of Concept After consulting the dev, the only check for making sure the token exist is a list on the UI/fontend side. A highly motivated attacker can easily disable...