This repository has been archived by the owner on Jan 12, 2025. It is now read-only.

sh0velware - safeTransferFrom() function will never work as intended #264

Closed
sherlock-admin2 opened this issue Jul 15, 2024 · 0 comments
Labels: Excluded (Excluded by the judge without consulting the protocol or the senior), Non-Reward (This issue will not receive a payout)

sherlock-admin2 commented Jul 15, 2024

sh0velware

Medium

safeTransferFrom() function will never work as intended

Summary

The safeTransferFrom() function will never work as intended because of the usage of nonReentrantModifier().

Vulnerability Detail

The nonReentrant modifier is used in transferFrom() and safeTransferFrom() functions. Since there is an additional public call to safeTransferFrom(from, to, tokenId, "") in safeTransferFrom(), the nonReentrant modifier will prevent this second call from being performed, leading to an unexpected revert every time that safeTransferFrom() is called.

Impact

The safeTransferFrom() function will revert every time with ReentrancyGuardReentrantCall(), not working as intended.

Code Snippet

https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/MlumStaking.sol#L336

    /**
     * @dev Add nonReentrant to ERC721.safeTransferFrom
     */
    function safeTransferFrom(address from, address to, uint256 tokenId, bytes memory _data)
        public
        override(ERC721Upgradeable, IERC721)
        nonReentrant
    {
        ERC721Upgradeable.safeTransferFrom(from, to, tokenId, _data);
    }

Tool used

Manual Review

Recommendation

Remove nonReentrant modifier.

Duplicate of #489

@github-actions github-actions bot added the Excluded Excluded by the judge without consulting the protocol or the senior label Jul 21, 2024
@sherlock-admin4 sherlock-admin4 changed the title Huge Banana Swan - safeTransferFrom() function will never work as intended sh0velware - safeTransferFrom() function will never work as intended Jul 29, 2024
@sherlock-admin4 sherlock-admin4 added the Non-Reward This issue will not receive a payout label Jul 29, 2024
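
The guard behaviour this report turns on, as an added example that is not part of the original issue or of the MagicSea code: a guarded function that reaches a second guarded function in the same call reverts, while a guarded function calling unguarded code, or an unguarded wrapper calling a guarded function, does not. MiniGuard is a simplified stand-in for OpenZeppelin's ReentrancyGuard, and GuardDemo and its function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified stand-in for a reentrancy guard (assumption: one flag,
// set on entry and cleared on exit, shared by every guarded function).
abstract contract MiniGuard {
    error ReentrancyGuardReentrantCall();
    bool private _entered;

    modifier nonReentrant() {
        if (_entered) revert ReentrancyGuardReentrantCall();
        _entered = true;
        _;
        _entered = false;
    }
}

// Hypothetical contract used only to show the three call shapes.
contract GuardDemo is MiniGuard {
    uint256 public moves;

    // Guarded public function, in the role of a guarded transfer entry point.
    function guardedInner() public nonReentrant {
        moves += 1;
    }

    // Unguarded internal worker.
    function _plainInner() internal {
        moves += 1;
    }

    // Guarded -> guarded: the flag is already set when guardedInner()
    // starts, so this call always reverts with ReentrancyGuardReentrantCall.
    function guardedCallsGuarded() external nonReentrant {
        guardedInner();
    }

    // Guarded -> unguarded internal code: the guard is entered once; succeeds.
    function guardedCallsPlain() external nonReentrant {
        _plainInner();
    }

    // Unguarded wrapper -> guarded: the guard is entered once; succeeds.
    function plainCallsGuarded() external {
        guardedInner();
    }
}
```

When reviewing an override like the one quoted in the report, the check is which of these three shapes the inherited call chain produces, including calls that resolve to an overridden function through virtual dispatch.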