Skip to content

Latest commit

 

History

History
49 lines (29 loc) · 1.25 KB

087.md

File metadata and controls

49 lines (29 loc) · 1.25 KB
Raw

Loud Mocha Platypus

High

Some users cannot cancel auctions

Summary

Users who are smart contracts and do not implement OnERC721Received() will not be able to call Auction.cancelAuction() because of the ERC721 safeTransferFrom().

They can create auctions just fine without OnERC721Received via AuctionFactory.createAuction(), but once created will not be able to cancel auctions.

Also, they get their initial NFT just fine through _mint(). As long as safeMint() is not used to initially give them their veNFT, then there is no OnERC721Received "check" until they try to cancel an auction.

Root Cause

See Summary.

Internal pre-conditions

See Summary.

External pre-conditions

See Summary.

Attack Path

See Summary.

Impact

See Summary.

PoC

See Summary.

Mitigation

// https://github.com/sherlock-audit/2024-11-debita-finance-v3/blob/main/Debita-V3-Contracts/contracts/auctions/Auction.sol#L172-#L176
-        Token.safeTransferFrom(
+        Token.transferFrom(
            address(this),
            s_ownerOfAuction,
            s_CurrentAuction.nftCollateralID
        );