Submission Details
Severity: high
Invalid

Missing staking logic in `Streets::onERC721Received` can lead to permanent loss of OneShot NFTs

Summary

`onERC721Received` is implemented in the `Streets` contract so that a user can send NFTs to it directly with `safeTransferFrom`, but because it doesn't update the `stakes` mapping, the user has no way to get the NFT back.

Vulnerability Details

The `Streets` contract is meant to be able to receive NFTs sent directly to its address, but if a user does this (using `safeTransferFrom`), their NFT will be stuck in the contract forever. The only way to get an NFT out of the `Streets` contract is to call the `unstake` function, which checks the `stakes` mapping to make sure that the user who staked the NFT is the one unstaking it. Since `onERC721Received` doesn't update the `stakes` mapping, this check fails and the user can't get the NFT back.

Impact

Permanent loss of NFT.

Tools Used

Foundry

Recommendations

Put the staking logic in the onERC721Received function as well.

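```solidity
// State-changing hook: it writes to `stakes` and emits an event, so it cannot be `pure`.
// The hook is external, so it should also accept calls only from the OneShot NFT contract (check `msg.sender`).
function onERC721Received(address, address from, uint256 tokenId, bytes calldata) external override returns (bytes4) {
    // Record the sender as the staker so that `unstake` accepts them later.
    stakes[tokenId] = Stake(block.timestamp, from);
    emit Staked(from, tokenId, block.timestamp);
    return IERC721Receiver.onERC721Received.selector;
}
```
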
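A minimal sketch of the recommendation, added here as an example and not taken from the Streets code base: a hypothetical `StakingVaultSketch` that records the stake inside the receiver hook and accepts the hook call only from its own NFT contract. The contract name, the `nft` field, the `Unstaked` event, the revert strings and the OpenZeppelin import paths are assumptions; `stakes`, `Stake`, `Staked` and `unstake` mirror the names used in the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC721} from "@openzeppelin/contracts/token/ERC721/IERC721.sol";
import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";

// Hypothetical minimal staking vault, not the Streets contract itself.
contract StakingVaultSketch is IERC721Receiver {
    struct Stake {
        uint256 startTime;
        address owner;
    }

    IERC721 public immutable nft; // assumed: the single collection this vault accepts
    mapping(uint256 tokenId => Stake) public stakes;

    event Staked(address indexed owner, uint256 tokenId, uint256 startTime);
    event Unstaked(address indexed owner, uint256 tokenId);

    constructor(IERC721 nft_) {
        nft = nft_;
    }

    // Every safeTransferFrom into the vault is recorded as a stake for `from`.
    function onERC721Received(address, address from, uint256 tokenId, bytes calldata)
        external
        override
        returns (bytes4)
    {
        // The hook is callable by anyone, so trust it only when the NFT contract invokes it.
        require(msg.sender == address(nft), "unexpected caller");
        // A mint straight into the vault has from == address(0) and would have no staker.
        require(from != address(0), "no staker to credit");
        stakes[tokenId] = Stake(block.timestamp, from);
        emit Staked(from, tokenId, block.timestamp);
        return IERC721Receiver.onERC721Received.selector;
    }

    // Only the recorded staker can withdraw; state is cleared before the external call.
    function unstake(uint256 tokenId) external {
        require(stakes[tokenId].owner == msg.sender, "not the staker");
        delete stakes[tokenId];
        emit Unstaked(msg.sender, tokenId);
        nft.safeTransferFrom(address(this), msg.sender, tokenId);
    }
}
```
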
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
