Skip to content
This repository has been archived by the owner on Jan 12, 2025. It is now read-only.

nikhil840096 - MlumStaking:safeTransferFrom will not work as expected hence failing in transfer of TokenId. #489

Closed
sherlock-admin4 opened this issue Jul 15, 2024 · 2 comments
Closed

nikhil840096 - MlumStaking:safeTransferFrom will not work as expected hence failing in transfer of TokenId. #489

sherlock-admin4 opened this issue Jul 15, 2024 · 2 comments
Labels
Excluded Excluded by the judge without consulting the protocol or the senior Non-Reward This issue will not receive a payout

Comments

@sherlock-admin4
Copy link

sherlock-admin4 commented Jul 15, 2024
edited
Loading

nikhil840096

Medium

MlumStaking:safeTransferFrom will not work as expected hence failing in transfer of TokenId.

Summary

MlumStaking:safeTransferFrom is made to transfer the Position's tokenId .

Vulnerability Detail

MlumStaking:safeTransferFrom overrides ERC721Upgradeable and IERC721, also MlumStaking:transferFrom overrides ERC721Upgradeable, IERC721 Now let's go with the execution. Aslo note that MlumStaking:safeTransferFrom and MlumStaking:transferFrom has nonReentrant modifier.
https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/MlumStaking.sol#L336-L342
https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/MlumStaking.sol#L325-L331

user => MlumStaking:safeTransferFrom => ERC721Upgradeable.safeTransferFrom => transferFrom(MlumStaking:transferFrom)// Here Execution halts due to non reentrant modifier both the function using

ERC721Upgradeable.safeTransferFrom calls ERC721Upgradeable.transferFrom this function is overriden by the MlumStaking:transferFrom so the execution will get here and will fail due to non-reentrant modifier. As if user tries to burn using safeTransferFrom , sending it to address(0), this functionality will not work, due to above explained reasons.

Impact

  • Users will not be able to use the this functionality as expected , breaking the functionality of the contract.
  • Functionality is not working as expected by the protocol.

Code Snippet

https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/MlumStaking.sol#L336-L342
https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/MlumStaking.sol#L325-L331

Tool used

Manual Review

Recommendation
@github-actions github-actions bot added the Excluded Excluded by the judge without consulting the protocol or the senior label Jul 21, 2024
@0xSmartContract
Copy link
Collaborator

If a function that uses the reentrancy modifier is called twice during the call, the transaction will revert, but I haven't seen a call sequence where this is possible, I'd like to see a working POC on the subject

I also think the probability of this happening is very low and there is no loss of funds

@0xSmartContract 0xSmartContract mentioned this issue Jul 27, 2024
Closed
@0xSmartContract
Copy link
Collaborator

0xSmartContract commented Jul 28, 2024
edited
Loading

https://github.com/sherlock-audit/2024-06-magicsea/blob/main/magicsea-staking/src/MlumStaking.sol#L751-L765

As of the current codebase, transferring of the NFT itself is already forbidden. So invalid

(2024-06-magicsea - Readme)

Q: Should potential issues, like broken assumptions about function behavior, be reported if they could pose risks in
future integrations, even if they might not be an issue in the context of the scope? If yes, can you elaborate on
properties/invariants that should hold?
No

This was referenced Jul 28, 2024
Closed
Closed
Closed
@sherlock-admin4 sherlock-admin4 changed the title Acidic Cloth Pigeon - MlumStaking:safeTransferFrom will not work as expected hence failing in transfer of TokenId. nikhil840096 - MlumStaking:safeTransferFrom will not work as expected hence failing in transfer of TokenId. Jul 29, 2024
@sherlock-admin4 sherlock-admin4 added the Non-Reward This issue will not receive a payout label Jul 29, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Excluded Excluded by the judge without consulting the protocol or the senior Non-Reward This issue will not receive a payout
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@0xSmartContract @sherlock-admin4