First Flight #12: Kitty Connect

Tags: Beginner Friendly, Foundry, NFT, GameFi
100 EXP
Submission Details
Severity: high
Invalid

Locked NFT: No Manual Execution Method To Recover a Transaction in the Cases Where It Reverts

Summary

Chainlink CCIP provides manual execution of a transaction when something goes wrong, such as a fee that turns out to be too low: you can open the CCIP explorer, pay the extra fee and run the transaction manually.

CCIP can also execute a transaction manually when the wrong sender EOA was used or when the receiving contract address is upgradeable, but in those cases the receiver contract needs supporting functions.

Vulnerability Details

  1. The NFT will be stuck in CCIP with no way to revert or process the transaction if the contract is upgraded and the wrong address is used.

  2. The contract does not implement `ERC721::onERC721Received`.

  3. The contract implements `ERC721::onERC721Received` but reverts inside it, or checks a condition inside it that does not hold.

Code Example: Contract with Revert inside `ERC721::onERC721Received`.
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Import the ERC721 receiver interface
import "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";

// Contract that is supposed to receive ERC721 tokens, but rejects every safe transfer
contract MyNFTReceiver is IERC721Receiver {
    // Event to emit when an NFT is received (never reached here because of the revert)
    event NftReceived(address operator, address from, uint256 tokenId, bytes data);

    /**
     * @dev Handles the receipt of an NFT
     * @param operator The address which called the `safeTransferFrom` function
     * @param from The address which previously owned the token
     * @param tokenId The NFT identifier which is being transferred
     * @param data Additional data with no specified format
     * @return bytes4 Returns `bytes4(keccak256("onERC721Received(address,address,uint256,bytes)"))`
     */
    function onERC721Received(
        address operator,
        address from,
        uint256 tokenId,
        bytes calldata data
    )
        public
        virtual
        override
        returns (bytes4)
    {
        // Unconditional revert: every safeTransferFrom into this contract fails,
        // so a token routed to it can never be delivered
        revert("");
        // Unreachable: the magic value that would signal ERC721Receiver conformance
        return this.onERC721Received.selector;
    }
}

Impact

The NFT is lost in transit and there is no way to recover it.

Tools Used

Manual Review

Recommendations

Add a recovery function for such cases, following the official Chainlink documentation on defensive programmable token transfers (https://docs.chain.link/ccip/tutorials/programmable-token-transfers-defensive).
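The following contract is an added example illustrating points 2 and 3 of the Vulnerability Details together with the recommendation above; it is not code from the Kitty Connect project or from Chainlink. It follows the structure of Chainlink's defensive-receiver pattern: the CCIP entry point wraps the real handler in try/catch, records the payload of any message whose handler reverted, and lets the owner retry it later, and the ERC721 receiver hook returns the magic selector without reverting. The contract name, the import paths, the (tokenId, recipient) payload layout and the `pendingOwner` bookkeeping are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Import paths are an assumption: they follow the layout of the Chainlink CCIP
// contracts package used by the official defensive-transfer tutorial and may
// differ between package versions.
import {CCIPReceiver} from "@chainlink/contracts-ccip/src/v0.8/ccip/applications/CCIPReceiver.sol";
import {Client} from "@chainlink/contracts-ccip/src/v0.8/ccip/libraries/Client.sol";
import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";

/// @notice Hypothetical destination-chain receiver written for this example.
/// Two properties matter: a failing message handler never makes the CCIP
/// delivery itself revert (the message is recorded and can be retried), and
/// the ERC721 receiver hook accepts tokens instead of reverting.
contract DefensiveNftReceiver is CCIPReceiver, IERC721Receiver {
    error NotOwner();
    error OnlySelf();
    error MessageNotFailed(bytes32 messageId);

    address public immutable owner;

    // Payload of every message whose handler reverted, keyed by CCIP messageId.
    // Only the bytes we need are kept, so a retry does not depend on the router.
    mapping(bytes32 => bytes) private s_failedPayload;
    mapping(bytes32 => bool) public isFailed;

    // Bridged token claims recorded by the handler (what "processing" means here).
    mapping(uint256 => address) public pendingOwner;

    event MessageFailed(bytes32 indexed messageId, bytes reason);
    event MessageRetried(bytes32 indexed messageId);
    event NftReceived(address operator, address from, uint256 tokenId);

    constructor(address router) CCIPReceiver(router) {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    modifier onlySelf() {
        if (msg.sender != address(this)) revert OnlySelf();
        _;
    }

    /// @dev Called by the router through CCIPReceiver.ccipReceive. The real
    ///      handler runs inside try/catch, so a bug or a malformed payload is
    ///      captured instead of bubbling up and stranding the message.
    function _ccipReceive(Client.Any2EVMMessage memory message) internal override {
        try this.processMessage(message.data) {
            // handled successfully, nothing to record
        } catch (bytes memory reason) {
            s_failedPayload[message.messageId] = message.data;
            isFailed[message.messageId] = true;
            emit MessageFailed(message.messageId, reason);
        }
    }

    /// @dev External so it can be the target of try/catch; self-only so nobody
    ///      can feed it forged payloads.
    function processMessage(bytes calldata payload) external onlySelf {
        _handle(payload);
    }

    /// @dev Owner-triggered retry once the cause of the failure has been fixed.
    ///      If the handler still reverts, the whole call reverts and the
    ///      failed record is kept.
    function retryFailedMessage(bytes32 messageId) external onlyOwner {
        if (!isFailed[messageId]) revert MessageNotFailed(messageId);
        bytes memory payload = s_failedPayload[messageId];
        isFailed[messageId] = false;
        delete s_failedPayload[messageId];
        _handle(payload);
        emit MessageRetried(messageId);
    }

    /// @dev Payload layout (tokenId, recipient) is an assumption for this example;
    ///      abi.decode reverts on a malformed payload, which try/catch above absorbs.
    function _handle(bytes memory payload) internal {
        (uint256 tokenId, address recipient) = abi.decode(payload, (uint256, address));
        pendingOwner[tokenId] = recipient;
    }

    /// @dev Correct ERC721 receiver hook: no revert, returns the magic selector,
    ///      so safeTransferFrom into this contract succeeds.
    function onERC721Received(address operator, address from, uint256 tokenId, bytes calldata)
        external
        override
        returns (bytes4)
    {
        emit NftReceived(operator, from, tokenId);
        return IERC721Receiver.onERC721Received.selector;
    }
}
```

The pattern only helps for messages that actually arrive at this contract: a message sent to an address that is not a CCIP receiver at all is outside what receiver-side code can recover, which is why the destination address should be validated before sending. The `onlySelf` guard on `processMessage` matters because the function has to be external for try/catch to work, and without the guard anyone could call it with an arbitrary payload.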

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
