Submission Details
Severity: high
Invalid

Arbitrary and Staking `from` passed to `transferFrom` (or `safeTransferFrom`)

Summary

Passing an arbitrary `from` address to `transferFrom` (or `safeTransferFrom`) can lead to loss of funds, because anyone can transfer tokens from the `from` address if an approval is made.

Vulnerability Details

  • Found in src/Airdrop.sol Line: 84

    loveToken.transferFrom(

  • Found in src/Staking.sol Line: 92

    loveToken.transferFrom(

Detect when `msg.sender` is not used as `from` in `transferFrom`.

Impact

Because anyone can transfer funds from the `from` address upon approval, there is an inherent risk of loss of funds as a result.

Tools Used

Aderyn and Slither

Recommendations

Use `msg.sender` as `from` in `transferFrom`.
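
The rule quoted under Vulnerability Details ("Detect when `msg.sender` is not used as `from` in `transferFrom`") can be sketched as a source-level check. The Python below is an added example, not code from the submission, Aderyn or Slither; the function names and the Solidity sample are constructed for illustration. The check is purely syntactic, so each hit still needs a manual look at who controls the `from` value.

```python
import re

# `<expr>.transferFrom(` or `<expr>.safeTransferFrom(`; arguments may span lines.
CALL = re.compile(r"([\w.\[\]]+)\s*\.\s*(safeTransferFrom|transferFrom)\s*\(")
COMMENT = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)

def first_argument(src, start):
    # Read from just after "(" up to the first top-level "," or closing bracket.
    depth, i = 0, start
    while i < len(src):
        ch = src[i]
        if ch in "([{":
            depth += 1
        elif depth == 0 and ch in ",)]}":
            break
        elif ch in ")]}":
            depth -= 1
        i += 1
    return " ".join(src[start:i].split())

def find_non_sender_from(source):
    # Returns (line, token, method, from_arg) for calls whose `from` is not msg.sender.
    # Comments are blanked out, keeping newlines so line numbers stay correct.
    src = COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), source)
    hits = []
    for m in CALL.finditer(src):
        from_arg = first_argument(src, m.end())
        if from_arg != "msg.sender":
            line = src.count("\n", 0, m.start()) + 1
            hits.append((line, m.group(1), m.group(2), from_arg))
    return hits

# Constructed sample, not the contest's Airdrop.sol or Staking.sol.
SAMPLE = """\
function pull(address from, uint256 amount) external {
    token.transferFrom(
        from, // caller-chosen address
        address(this), amount);
}
function deposit(uint256 amount) external {
    token.transferFrom(msg.sender, address(this), amount);
}
function payout(uint256 id) external {
    nft.safeTransferFrom(address(vault), msg.sender, id);
}
"""

if __name__ == "__main__":
    for hit in find_non_sender_from(SAMPLE):
        print("line %d: %s.%s from=%s" % hit)
```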

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
