First Flight #12: Kitty Connect

Beginner Friendly, Foundry, NFT, GameFi
100 EXP
Submission Details
Severity: medium
Valid

Users can call public ERC721 transfer functions that are not overridden in KittyConnect

Summary

Currently, KittyConnect has a safeTransferFrom() function that can be called by shop partners only. But ERC721 has other functions (safeTransferFrom with 3 arguments, or transferFrom()) that NFT owners can call directly. This leads to incorrect data in the s_catInfo variable, as it will not be updated by the transfer() function.

Vulnerability Details

safeTransferFrom() with 3 arguments or transferFrom() can be called by a user to transfer an NFT to someone else. These functions do not update the data in s_catInfo. Because the recorded current owner and new owner are not changed, this can lead to a lot of confusion for end users.

Impact

There will be a lot of confusion for end users.

Tools Used

VS code, Foundry

Recommendations

Override the other functions and make them revert, or leave their bodies empty, so that no NFT transfer happens if someone calls them.
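The desync and the recommended fix, as an added example that is not the contest code and not OpenZeppelin's ERC721. It is a stripped-down stand-in token narrowed to the transferFrom path; every name except s_catInfo and transferFrom (MiniToken, DesyncedRegistry, GatedRegistry, partnerTransfer, the CatInfo fields) is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration only: a minimal token, not KittyConnect and not OpenZeppelin.
// All names except s_catInfo and transferFrom are hypothetical.
abstract contract MiniToken {
    mapping(uint256 => address) internal _owners;

    function ownerOf(uint256 id) public view returns (address) { return _owners[id]; }

    // Inherited public entry point that any token owner can call directly.
    function transferFrom(address from, address to, uint256 id) public virtual {
        require(_owners[id] == from && msg.sender == from, "not owner");
        _owners[id] = to;
    }
}

contract DesyncedRegistry is MiniToken {
    struct CatInfo { address currOwner; address prevOwner; }
    mapping(uint256 => CatInfo) public s_catInfo;
    address public immutable partner;

    constructor(address partner_) { partner = partner_; }

    function mint(address to, uint256 id) external {
        require(msg.sender == partner, "not partner");
        _owners[id] = to;
        s_catInfo[id].currOwner = to;
    }

    // Gated path: the only one that keeps s_catInfo in sync with ownership.
    function partnerTransfer(address from, address to, uint256 id) external {
        require(msg.sender == partner, "not partner");
        require(_owners[id] == from, "wrong owner");
        s_catInfo[id] = CatInfo({currOwner: to, prevOwner: from});
        _owners[id] = to;
    }
    // transferFrom is inherited unchanged: ownerOf(id) moves, s_catInfo[id] does not.
}

// The recommendation above: close the inherited path so only the gated one remains.
contract GatedRegistry is DesyncedRegistry {
    error DirectTransferDisabled();
    constructor(address partner_) DesyncedRegistry(partner_) {}

    function transferFrom(address, address, uint256) public pure override {
        revert DirectTransferDisabled();
    }
}
```

A regression test for this class of bug asserts, after every transfer path the contract exposes, that ownerOf(id) equals the owner recorded in s_catInfo[id].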

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

ERC721 `transferFrom` not overridden
