DittoETH

Ditto
DeFi, Foundry, Oracle
55,000 USDC
Submission Details
Severity: medium
Invalid

Invalid validation in approve()

Summary

According to the comments on the function approve in the ERC721 facet contracts, the token's existence is required to be checked, but the function does not do that.

Vulnerability Details

The function should check whether "_ownerOf(tokenId) == address(0)", which determines whether the tokenId exists, so that it can revert. As written, if the function is called with a tokenId that doesn't exist, it won't revert at that point.

Impact

Although the function later reverts, this particular invariant is not satisfied in the function.

Tools Used

Manual Review

Recommendation

Make sure to check if the tokenId exists in the function.

function approve(address to, uint256 tokenId) external {
    if (tokenId > type(uint40).max) revert Errors.InvalidTokenId();
    // Look up the owner first; address(0) means the token does not exist.
    address owner = _ownerOf(tokenId);
    if (owner == address(0)) {
        revert Errors.ERC721NonexistentToken(tokenId);
    }
    if (to == owner) {
        revert Errors.ERC721InvalidOperator(owner);
    }
    // Only the owner or an approved-for-all operator may set the approval.
    if (msg.sender != owner && !isApprovedForAll(owner, msg.sender)) {
        revert Errors.ERC721InvalidApprover(msg.sender);
    }
    s.getApproved[tokenId] = to;
    emit Events.Approval(owner, to, tokenId);
}
Updates

Lead Judging Commences

0xnevi Lead Judge
almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Other
