DittoETH

Ditto

DeFiFoundryOracle

55,000 USDC

View results

Previous Next

Submission Details

Severity: low

Valid

_checkOnERC721Received() is not called when new tokens are minted

0xtiwa

Summary

After minting is completed _checkOnERC721Received() is not called to verify if the target address which is the msg.sender implements {IERC721Receiver-onERC721Received}

Vulnerability Details

The ERC721 implementation used by the ERC721 facet contract does not properly call the corresponding callback when new tokens are minted. However The ERC721 standard states that the onERC721Received callback must be called when a Safemint or Safetransfer operation occurs which is ideal to prevent tokens from being stuck in a contract. However, the smart contracts interacting as users of the contracts will not be notified with the onERC721Received callback, as expected according to the ERC721 standard.

Impact

As a result of the mintNFT() not implementing the onERC71Received callback correctly when tokens are minted, it can lead to tokens being stuck in the target address if it is a contract.

function mintNFT(address asset, uint8 shortRecordId)

external

isNotFrozen(asset)

nonReentrant

onlyValidShortRecord(asset, msg.sender, shortRecordId)

{

if (shortRecordId == Constants.SHORT_MAX_ID) {

revert Errors.CannotMintLastShortRecord();

}

STypes.ShortRecord storage short =

s.shortRecords[asset][msg.sender][shortRecordId];

if (short.tokenId != 0) revert Errors.AlreadyMinted();

s.nftMapping[s.tokenIdCounter] = STypes.NFT({

owner: msg.sender,

assetId: s.asset[asset].assetId,

shortRecordId: shortRecordId

});

short.tokenId = s.tokenIdCounter;

//@dev never decreases

s.tokenIdCounter += 1;

}

Tools Used

Manual Review

Recommendations

Ensure that the ERC721 implementations execute the standard callback when they are required and also review all ERC standards to ensure that the contracts implement them correctly.

Updates

Lead Judging Commences

0xnevi Lead Judge

almost 2 years ago

0xnevi Lead Judge almost 2 years ago

Submission Judgement Published

Validated

Assigned finding tags:

finding-114

Prize pool breakdown

Total prize

55,000 USDC

nSLOC

3,365

16 USDC / LOC

High Medium

50,000 USDC

Low

5,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.