First Flight #9: Soulmate
First Flight #9
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: high
Invalid

Soulbound NFTs can be transferred using safeTransferFrom

happyformerlawyer

Summary

Soulbound tokens are supposed to never be transferred to another account. The protocol attempts to do this by overriding the transferFrom() function in ERC721.sol with a function that reverts when called. The problem is that ERC721.sol also has another transfer function safeTransferFrom() and Soulmate.sol does not override this function, so users could use safeTransferFrom() to transfer their soulbound NFT.

Vulnerability Details

Here is the overriding of transferFrom() in Soulmate.sol but there is no override of safeTransferFrom():

function transferFrom(address, address, uint256) public pure override {
// Soulbound token cannot be transfered
// Having a soulmate is for life !
revert Soulmate__SoulboundTokenCannotBeTransfered();
}

Impact

People will be able to transfer NFTs that are not meant to be transferred

Tools Used

Manaul review

Recommendations

Also override safeTransferFrom(address, address, uint256) as well as safeTransferFrom(address, address, uint256, bytes)...add the following functions to Soulmate.sol and make the 3 transfer functions in ERC721.sol virtual:

function safeTransferFrom(address, address, uint256) public pure override {
// Soulbound token cannot be transfered
// Having a soulmate is for life !
revert Soulmate__SoulboundTokenCannotBeTransfered();
}
function safeTransferFrom(address, address, uint256, bytes) public pure override {
// Soulbound token cannot be transfered
// Having a soulmate is for life !
revert Soulmate__SoulboundTokenCannotBeTransfered();
}
Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.