Skip to content
This repository has been archived by the owner on Jan 12, 2025. It is now read-only.

minhquanym - safeTransferFrom() always revert because of nonReentrant modifier #338

Closed
sherlock-admin3 opened this issue Jul 15, 2024 · 0 comments
Closed

minhquanym - safeTransferFrom() always revert because of nonReentrant modifier #338

sherlock-admin3 opened this issue Jul 15, 2024 · 0 comments
Labels
Excluded Excluded by the judge without consulting the protocol or the senior Non-Reward This issue will not receive a payout

Comments

@sherlock-admin3
Copy link
Contributor

sherlock-admin3 commented Jul 15, 2024
edited by sherlock-admin4
Loading

minhquanym

Medium

safeTransferFrom() always revert because of nonReentrant modifier

Summary

MlumStaking override the safeTransferFrom() function but adding a nonReentrant modifier, which will make this function always revert.

Vulnerability Detail

In MlumStaking contract, function safeTransferFrom and transferFrom are overriden to add a nonReentrant modifier to them.

However, because of adding a nonReentrant modifier, the function safeTransferFrom will produce all calls to this function to revert, since internally safeTransferFrom function calls to transferFrom and this functions also implements a nonReentrant modifier.

Impact

safeTransferFrom() always revert.

Code Snippet

https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/MlumStaking.sol#L325-L342
In MlumStaking.sol

/**
 * @dev Add nonReentrant to ERC721.transferFrom
 */
function transferFrom(address from, address to, uint256 tokenId)
    public
    override(ERC721Upgradeable, IERC721)
    nonReentrant
{
    ERC721Upgradeable.transferFrom(from, to, tokenId);
}

/**
 * @dev Add nonReentrant to ERC721.safeTransferFrom
 */
function safeTransferFrom(address from, address to, uint256 tokenId, bytes memory _data)
    public
    override(ERC721Upgradeable, IERC721)
    nonReentrant
{
    ERC721Upgradeable.safeTransferFrom(from, to, tokenId, _data);
}

In OZ lib ERC721Upgradeable.sol

/**
 * @dev See {IERC721-safeTransferFrom}.
 */
function safeTransferFrom(address from, address to, uint256 tokenId, bytes memory data) public virtual {
    transferFrom(from, to, tokenId);
    _checkOnERC721Received(from, to, tokenId, data);
}

Tool used

Manual Review

Recommendation

Consider removing these overriden functions.

Duplicate of #489
@github-actions github-actions bot added the Excluded Excluded by the judge without consulting the protocol or the senior label Jul 21, 2024
@sherlock-admin4 sherlock-admin4 changed the title Dapper Basil Crab - safeTransferFrom() always revert because of nonReentrant modifier minhquanym - safeTransferFrom() always revert because of nonReentrant modifier Jul 29, 2024
@sherlock-admin4 sherlock-admin4 added the Non-Reward This issue will not receive a payout label Jul 29, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Excluded Excluded by the judge without consulting the protocol or the senior Non-Reward This issue will not receive a payout
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sherlock-admin3 @sherlock-admin4