ERC721::transferFrom
Description: The NFT bridge protocol uses an overridden safeTransferFrom function to ensure that transfers of Kitty NFTs between users are authorized by shop partners. This mechanism is probably designed to keep the cats secure by ensuring that all transfers are approved by the designated shop partners. However, after the current owner approves the NFT transfer, the new owner can subsequently use the ERC721::transferFrom function to transfer the NFT without the required shop authorization.
Impact: This enables unauthorized transfers. In addition, because the transfer is not done via safeTransferFrom, KittyConnect::_updateOwnershipInfo is not called, so the storage variables and mappings that record cat owners' data are not updated.
Proof of Concept:
Exploit Steps:
currOwner (user) approves transfer to newOwner
newOwner transfers the NFT using transferFrom
Use the following test in the protocol test suite:
Recommended Mitigation: To fix this issue we can also override the transferFrom function to use the onlyShopPartner modifier and also update the state variables.
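A sketch of that mitigation, added here as an illustration and not taken from the KittyConnect code base. It assumes OpenZeppelin Contracts v5, and the contract name, partner registry, ownership-history mapping, mint helper and approval check are all hypothetical stand-ins for the protocol's own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";

// Illustrative contract, not KittyConnect itself. Every name except
// transferFrom, safeTransferFrom and onlyShopPartner is an assumption.
contract GuardedKitty is ERC721 {
    error NotShopPartner();
    error RecipientNotApproved();

    mapping(address => bool) public isShopPartner;   // assumed partner registry
    mapping(uint256 => address[]) public prevOwners; // assumed ownership history
    uint256 private nextId;

    modifier onlyShopPartner() {
        if (!isShopPartner[msg.sender]) revert NotShopPartner();
        _;
    }

    constructor(address partner) ERC721("GuardedKitty", "GK") {
        isShopPartner[partner] = true;
    }

    // Hypothetical mint helper so the sketch is usable on its own.
    function mint(address to) external onlyShopPartner returns (uint256 id) {
        id = nextId++;
        _safeMint(to, id);
    }

    // In OpenZeppelin v5 both safeTransferFrom overloads call transferFrom,
    // so guarding this one function covers every public transfer path.
    function transferFrom(address from, address to, uint256 tokenId)
        public
        override
        onlyShopPartner
    {
        // Assumed rule: the owner must have approved the recipient, and the
        // shop partner only facilitates the transfer.
        if (getApproved(tokenId) != to) revert RecipientNotApproved();
        // _transfer reverts if `from` is not the current owner.
        _transfer(from, to, tokenId);
        // Bookkeeping happens on every path, unlike the bypass described above.
        prevOwners[tokenId].push(from);
    }
}
```

With OpenZeppelin v4 the safe variants do not route through transferFrom, so there each public transfer function has to be overridden separately.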