Beginner FriendlyFoundryNFT
100 EXP
View results
Submission Details
Severity: high
Valid

Defenders cannot win bets

Summary

Unable to get bets when Defender wins Battle

Vulnerability Details

When the defender wins the battle, the contract will use the transferFrom method to transfer the Token to the defender.

credToken.transferFrom(msg.sender, _defender, _credBet);

But before using the transferFrom method, the owner of the Token needs to approve.
If the owner does not approve, the transaction will be rolled back. Therefore, the defender cannot get bets after winning the battle.

Impact

The defender cannot get bets after winning the battle, and the other player can battle without risk.

Tools Used

manual audit

Recommendations

Ask another person to transfer Token into the contract before the battle.

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

missing check for sufficient `_credBet_` approval

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.