The GovNFT:safeTransferMany
function its not performing a _safeTransfer
#80
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-356
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/GovNFT.sol#L245-L249
Vulnerability details
Impact
The function
safeTransferMany
its not doing a_safeTransfer
its just using_transfer
Use of
_transfer
method for ERC721 is discouraged and recommended to use_safeTransfer
whenever possible by OpenZeppelin.
This is because
_transfer
cannot check whether the receiving address know how to handle ERC721 tokens. If the recipient is a contract not aware of incoming NFTs, then the transferred NFT would be locked in the recipient forever.The name of the function is
safeTransferMany
thats why its expected to do a_safeTransfer
Proof of Concept
Use
safeTransferMany
to transfer NFT to a contract and you will see that its no triggerin the expected callback hook on the receiver contract.Tools Used
Manual revision
Recommended Mitigation Steps
Use
_safeTransfer
instead of_transfer
, take in consideration that_safeTransfer
will trigger a callback to the receiver, so stick to check - effects - itterarion patternAlso you havent implemented a
_safeTransfer
as you do on_transfer
GovNFT.sol#L94-L101The text was updated successfully, but these errors were encountered: