DittoETH

Ditto
DeFiFoundryOracle
55,000 USDC
Submission Details
Severity: high
Invalid

Unverified Token Existence in transferFrom() Function of ERC721Facet Contract

Summary

The transferFrom() function in the ERC721Facet contract does not validate the existence of a token before proceeding with the transfer operation. This could potentially lead to unexpected behavior or loss of assets.

Vulnerability Details

In the current implementation of the transferFrom() function, there is no check to ensure that the tokenId passed to the function corresponds to an existing token. If a tokenId that does not exist is passed to the function, it does not revert or throw an error. Instead, it proceeds with the transfer operation, which could lead to unexpected behavior or potential loss of assets.

Impact

The impact of this vulnerability is potentially high. If exploited, it could lead to loss of assets or unexpected behavior of the contract. It could also lead to inconsistencies in the state of the contract, as it would allow operations on non-existent tokens.

Tools Used

Manual review

Recommendations

To mitigate this vulnerability, a check should be added at the beginning of the transferFrom() function to ensure that the tokenId exists. This can be done by calling the _exists() function with the tokenId as an argument, and if it returns false, the function should revert with an appropriate error message.

Here's how it could look:

function transferFrom(address from, address to, uint256 tokenId) public {
    // Check if tokenId exists
    require(_exists(tokenId), "ERC721: operator query for nonexistent token");

    // Rest of the function...
}
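To show the recommended check behaving as intended, here is an added Foundry test against a minimal stand-in contract; it is example code written for this page, not DittoETH's ERC721Facet, and it assumes a simplified owner-only transfer (approvals are omitted) with existence defined as "has a non-zero owner".

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "forge-std/Test.sol";

// Minimal stand-in for the facet, constructed for this example (not DittoETH code).
contract MinimalERC721Facet {
    mapping(uint256 => address) private _owners;
    function mint(address to, uint256 tokenId) external {
        require(_owners[tokenId] == address(0), "ERC721: token already minted");
        _owners[tokenId] = to;
    }
    function ownerOf(uint256 tokenId) public view returns (address) {
        require(_exists(tokenId), "ERC721: invalid token ID");
        return _owners[tokenId];
    }
    // A token exists iff it has a non-zero owner; the recommended check relies on this.
    function _exists(uint256 tokenId) internal view returns (bool) {
        return _owners[tokenId] != address(0);
    }
    // Guarded transferFrom: reverts before touching state if tokenId was never minted.
    function transferFrom(address from, address to, uint256 tokenId) public {
        require(_exists(tokenId), "ERC721: operator query for nonexistent token");
        require(_owners[tokenId] == from, "ERC721: transfer from incorrect owner");
        require(msg.sender == from, "ERC721: caller is not token owner");
        _owners[tokenId] = to;
    }
}

contract TransferFromExistenceTest is Test {
    MinimalERC721Facet facet;
    address alice = address(0xA11CE);
    address bob = address(0xB0B);
    function setUp() public {
        facet = new MinimalERC721Facet();
        facet.mint(alice, 1); // only token 1 exists
    }
    function testRevertsOnNonexistentToken() public {
        vm.prank(alice);
        vm.expectRevert(bytes("ERC721: operator query for nonexistent token"));
        facet.transferFrom(alice, bob, 999); // never minted
    }
    function testTransfersExistingToken() public {
        vm.prank(alice);
        facet.transferFrom(alice, bob, 1);
        assertEq(facet.ownerOf(1), bob);
    }
}
```

Run with `forge test`; the first test passes only if the existence check fires before any ownership or state change logic.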

Updates

Lead Judging Commences
0xnevi (Lead Judge), about 2 years ago

Submission Judgement Published
0xnevi (Lead Judge), about 2 years ago
Invalidated
Reason: Other
