The Standard

DeFiHardhat
20,000 USDC
Submission Details
Severity: low
Invalid

`SmartVaultManagerV5::liquidateVault` liquidated vaults can still be sold after liquidation

Summary

Liquidated vaults can still be sold or exchanged on OpenSea or similar marketplaces long after liquidation, because ERC721 approvals remain in place after a vault is liquidated. A malicious vault owner who previously approved a marketplace contract (e.g. the OpenSea trade contract) or any other address can therefore still sell the worthless vault NFT on the open market.

Vulnerability Details

FILE: SmartVaultManagerV5.sol: Line 139-143

```solidity
function _afterTokenTransfer(address _from, address _to, uint256 _tokenId, uint256) internal override {
    smartVaultIndex.transferTokenId(_from, _to, _tokenId);
@>  if (address(_from) != address(0)) ISmartVault(smartVaultIndex.getVaultAddress(_tokenId)).setOwner(_to); // @audit vault ownership is handed to the receiving address after a transfer of the NFT
    emit VaultTransferred(_tokenId, _from, _to);
}
```

As stated above, ERC721 token approvals persist regardless of who owns the NFT, and liquidation neither transfers nor burns the token. The following scenario is therefore possible:

  1. Alice owns vault 1 NFT

  2. Alice approves Opensea for a future sale of vault 1 NFT

  3. Alice becomes liquidated on The Standard

  4. Alice immediately lists vault 1 NFT on Opensea Marketplace

  5. Bob purchases Alice's vault 1 NFT

  6. Bob has bought nothing of value: once he inspects the vault behind the NFT, he finds it has already been liquidated.

Impact

  • Pre-existing approvals can be used to resell liquidated vaults that are no longer worth anything on the open market. One such marketplace is the OpenSea NFT marketplace.

  • Buyers are honeypotted into purchasing worthless vault NFTs.

Tools Used

Manual review

Recommendations

Revoke all token approvals for the vault's NFT after liquidating the vault or better yet, just burn the NFT of the liquidated vault.
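The two options above side by side, as an added illustration that is not The Standard's code. It assumes an OpenZeppelin ERC721 (v4 or v5; `_burn` clears the per-token approval in both), a hypothetical `ISmartVault.liquidate()`, and a single `liquidator` address standing in for the project's role check.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/token/ERC721/ERC721.sol";

// Hypothetical vault interface, not The Standard's ISmartVault.
interface ISmartVault {
    function liquidate() external;
}

contract VaultNFTExample is ERC721 {
    mapping(uint256 => address) public vaultOf; // tokenId => vault contract (assumed layout)
    address public immutable liquidator;        // simplified stand-in for the liquidator role

    constructor(address _liquidator) ERC721("Vault", "VLT") {
        liquidator = _liquidator;
    }

    // Weak version (the pattern the finding describes): the vault is emptied,
    // but the NFT and every approval on it survive. A marketplace that holds
    // getApproved(tokenId) or isApprovedForAll(owner, marketplace) can still
    // call transferFrom, so the worthless token remains sellable.
    function liquidateVaultKeepNFT(uint256 tokenId) external {
        require(msg.sender == liquidator, "not liquidator");
        ISmartVault(vaultOf[tokenId]).liquidate();
    }

    // Hardened version (the report's recommendation): burn the NFT together
    // with the liquidation. OpenZeppelin's _burn deletes the per-token
    // approval and removes the token entirely, so any later transferFrom
    // reverts because the token no longer exists.
    function liquidateVaultBurnNFT(uint256 tokenId) external {
        require(msg.sender == liquidator, "not liquidator");
        ISmartVault(vaultOf[tokenId]).liquidate();
        delete vaultOf[tokenId];
        _burn(tokenId);
    }

    // Lighter alternative if the NFT must survive for record-keeping: clear
    // only the per-token approval. Note this does NOT undo setApprovalForAll,
    // which is stored per owner rather than per token, so burning is the
    // only option that also neutralises operator approvals.
    function clearTokenApproval(uint256 tokenId) internal {
        _approve(address(0), tokenId, address(0), false); // OZ v5 signature; v4 uses _approve(address(0), tokenId)
    }
}
```

The `clearTokenApproval` helper shows why revoking approvals alone is weaker than burning: an operator approval granted via `setApprovalForAll` would still let the marketplace move the liquidated token.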

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

informational/invalid
