First Flight #12: Kitty Connect

First Flight #12: Kitty Connect
Beginner FriendlyFoundryNFTGameFi
100 EXP
View results
Submission Details
Severity: high
Invalid

Owner approval is never made making "safeTransferFrom()" unusable

Summary

Owner approval is never made making "safeTransferFrom()" unusable inside of "KittyConnect.sol".

Vulnerability Details

Owner approval is never made making "safeTransferFrom()" unusable inside of "KittyConnect.sol". When entering the "safeTransferFrom()" method the business logic leads to a check such as:

require(getApproved(tokenId) == newOwner, "KittyConnect__NewOwnerNotAppr

This code will always throw an error and will revert the transaction since no publicly exposed function for granting permission to the new owner from the old owner is present, therefore cannot be called explicitly before "safeTransferFrom()" so the above mentioned require check to pass, OR no call to function "approve(address to, uint256 tokenId)" from ERC721 contract is made implicitly inside of "safeTransferFrom()" (even though that will also break the invariant, because it is stated that the owner of the cat has to give the approval to the new owner, and not the shop partner, but still that will make the contract transfers possible) right before the above mentioned check resulting in granting access to the new owner. This vulnerability breaks the following invariant of the protocol: "* @notice but requires the approval of the cat owner to the new owner before shop partner calls this" which is stated in the doc above the "safeTransferFrom()";

Impact

High, since the safeTranferFrom() function inside the protocol will always revert, making the transfers impossible and protocol unusable.

Tools Used

Manual review.

Recommendations

Expose an external function such as:

function grantPermissions(address newOwner, uint256 tokenId) external {
require(_ownerOf(tokenId) == msg.sender, "KittyConnect__NotKittyOwner");
approve(newOwner, tokenId);
emit ApprovFromOwnerGranted(msg.sender, newOwner, tokenId);
}
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
hashov Submitter
about 1 year ago

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.