Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improper State Re-Entrancy #131

Closed
aaitor opened this issue Aug 9, 2021 · 0 comments · Fixed by #145
Closed

Improper State Re-Entrancy #131

aaitor opened this issue Aug 9, 2021 · 0 comments · Fixed by #145
Assignees
@aaitor
Labels
bug Something isn't working severity:medium
Milestone
NFT 721 Security ...

Comments

@aaitor
Copy link
Member

aaitor commented Aug 9, 2021

TNT-01M: Improper State Re-Entrancy

Type Severity Location
Logical Fault Medium TransferNFT721Condition.sol:L137

Description:

The fulfill function performs a safeTransferFrom invocation on an ERC-721 token which notifies the recipient of the transfer. In case the recipient of the transfer is a smart contract, the recipient will be able to re-enter the contract and potentially set the same ID as fulfilled twice and emit a corresponding event as well as generally cause an incorrect state transition of the system.

Example:

if (_nftAmount == 1) {
    token.safeTransferFrom(msg.sender, _nftReceiver, uint256(_did));
}

ConditionStoreLibrary.ConditionState state = super.fulfill(
    _id,
    ConditionStoreLibrary.ConditionState.Fulfilled
);

emit Fulfilled(
    _agreementId,
    _did,
    _nftReceiver,
    _nftAmount,
    _id,
    _contract
);

return state;

Recommendation:

We advise re-entrancy to be prohibited here by either introducing the nonReentrant modifier of OpenZeppelin throughout the codebase, simply performing a transferFrom instead of a safeTransferFrom as both transfers are safely done despite what their name implies, or re-order the statements to perform the transfer at the bottom of the function. We should note that if transferFrom is used, the recipient is expected to be ERC-721 aware as otherwise the tokens transmitted could be permanently lost.
@aaitor aaitor added bug Something isn't working severity:medium labels Aug 9, 2021
@aaitor aaitor added this to the NFT 721 Security Issues milestone Aug 9, 2021
@aaitor aaitor self-assigned this Aug 9, 2021
@aaitor aaitor linked a pull request Aug 9, 2021 that will close this issue
Fixes resulting of ERC-721 security audit #145
Merged
aaitor added a commit that referenced this issue Aug 9, 2021
@aaitor
fixes #131 & #133
6761c62
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aaitor aaitor

Labels
bug Something isn't working severity:medium
Projects
None yet
Milestone
NFT 721 Security Issues
Development

Successfully merging a pull request may close this issue.

Fixes resulting of ERC-721 security audit nevermined-io/contracts
1 participant
@aaitor