Vault's flash loan not implemented according to EIP-3156 #54

code423n4 · 2021-05-11T13:53:38Z

Handle

@cmichelio

Vulnerability details

Vulnerability Details

The NFTXVaultUpgradeable.flashLoan is not correctly implemented according to EIP-3156 (but it tries to implement it as it inherits from IERC3156FlashLenderUpgradeable).

"If successful, flashLoan MUST return true." - https://eips.ethereum.org/EIPS/eip-3156

It misses the return and currently always returns false.

Impact

Always returning false indicates that the flash loan was unsuccessful when in reality it could have been successful.
This breaks any contract trying to integrate with it.

Recommended Mitigation Steps

Add the return statement: return super.flashLoan(...)

The text was updated successfully, but these errors were encountered:

cemozerr · 2021-05-25T21:05:55Z

Keeping this as low-risk as flash loan returning the project does not pose a security threat for the NFTX project itself

code423n4 added 3 (High Risk) bug Something isn't working labels May 11, 2021

code423n4 added a commit that referenced this issue May 11, 2021

@cmichelio issue #54

a00e9a8

0xKiwi added 1 (Low Risk) Confirmed and removed 3 (High Risk) labels May 13, 2021

0xKiwi closed this as completed May 21, 2021

cemozerr reopened this May 25, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Vault's flash loan not implemented according to EIP-3156 #54

Vault's flash loan not implemented according to EIP-3156 #54

code423n4 commented May 11, 2021

cemozerr commented May 25, 2021

Vault's flash loan not implemented according to EIP-3156 #54

Vault's flash loan not implemented according to EIP-3156 #54

Comments

code423n4 commented May 11, 2021

Handle

Vulnerability details

Vulnerability Details

Impact

Recommended Mitigation Steps

cemozerr commented May 25, 2021