QA Report #81
## Low
# Title: User might accidentally send to market
Explanation: The Market contract prevents users from sending ETH directly to the contract by adding
https://github.com/code-423n4/2022-02-foundation/blob/main/contracts/mixins/NFTMarketCore.sol#L36
. However, by calling `withdrawFrom()` with the `to` parameter set to the market contract, the market willingly accepts ETH, since the `msg.sender` is FETH. Adding a check with `require(to != address(market))` on `withdrawFrom()` can prevent users from accidentally sending ETH to the market contract.
Navigation: https://github.com/code-423n4/2022-02-foundation/blob/main/contracts/FETH.sol#L418
# Title: Signature replay on NFTMarketPrivateSale
Explanation: A seller signs a message when the seller wants to approve the buyer to buy the NFT. However, there is no nonce in place for the digest calculation, so under certain conditions the buyer might buy the NFT again from the seller.
POC :
Navigation : https://github.com/code-423n4/2022-02-foundation/blob/main/contracts/mixins/NFTMarketPrivateSale.sol#L162
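
The missing-nonce condition described above, modelled as an added example (not code from this report or from the Foundation contracts). HMAC stands in for the seller's signature, and the approval fields, the `Market` class, the single-seller nonce counter and the assumption that the token later returns to the seller are all hypothetical.

```python
import hashlib
import hmac

SELLER_KEY = b"constructed-seller-key"  # constructed stand-in for the seller's signing key

def digest(nft, token_id, buyer, price, nonce=None):
    # Hypothetical approval fields; the nonce is bound into the digest only when given.
    fields = [nft, str(token_id), buyer, str(price)]
    if nonce is not None:
        fields.append(str(nonce))
    return "|".join(fields).encode()

def sign(msg):
    # HMAC stands in for the seller's ECDSA signature in this model.
    return hmac.new(SELLER_KEY, msg, hashlib.sha256).digest()

class Market:
    def __init__(self, use_nonce):
        self.use_nonce = use_nonce
        self.owner = {}       # (nft, token_id) -> current owner
        self.next_nonce = 0   # seller's next unused nonce (one seller in this model)

    def buy(self, nft, token_id, buyer, price, sig):
        nonce = self.next_nonce if self.use_nonce else None
        expected = sign(digest(nft, token_id, buyer, price, nonce))
        if not hmac.compare_digest(sig, expected):
            return False                  # signature does not match the current nonce
        if self.owner.get((nft, token_id)) != "seller":
            return False                  # seller does not hold the token
        self.owner[(nft, token_id)] = buyer
        if self.use_nonce:
            self.next_nonce += 1          # approval consumed; it cannot be reused
        return True

def run(use_nonce):
    m = Market(use_nonce)
    m.owner[("nft", 1)] = "seller"
    sig = sign(digest("nft", 1, "buyer", 100, 0 if use_nonce else None))
    first = m.buy("nft", 1, "buyer", 100, sig)
    m.owner[("nft", 1)] = "seller"        # assumption: token later returns to the seller
    second = m.buy("nft", 1, "buyer", 100, sig)  # same signature presented again
    return first, second
```

Without the nonce both purchases succeed on one signature; with the nonce bound into the digest and incremented on use, the second attempt fails verification.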