Sablier
DeFiFoundry
53,440 USDC
Submission Details
Severity: medium
Valid

NFT lending marketplace backing Sablier could suffer significant losses

Summary

According to the documentation, the protocol's hooks are intended to support NFT lending marketplaces: a marketplace that holds a stream NFT is notified of the stream's current status through the hook. However, if the hook call inside the try block fails because it runs out of gas, the failure is swallowed and the marketplace never updates its view of the NFT's value.

Vulnerability Details

Suppose there is an NFT lending marketplace A. A accepts a user's stream NFT as collateral, lends funds to the user, and monitors all hooks to track the NFT's status.
Now consider an attacker B. B creates a cancelable stream NFT, borrows funds from A against it, and then calls the cancel function to recover the funds locked in the stream. The gas for this transaction is chosen so that the hook call inside the try block is guaranteed to run out of gas and revert. Because of how try/catch behaves, that failure is swallowed and the cancel transaction still succeeds, while A is never notified. In this way, B steals A's funds.

Impact

NFT lending marketplace backing Sablier could suffer significant losses.

Tools Used

Manual review

Recommendations

Hooks cannot reliably serve their designed purpose: a marketplace must not depend on a hook it may never receive, and other methods are needed to monitor changes in the funds backing the NFT.
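As an added illustration (not Sablier's code; the hook interface, the lockup contract, the gas floor and the refund amount are assumptions), the vulnerable try/catch pattern from the Vulnerability Details beside a hardened variant that refuses to let cancel succeed when the hook was starved of gas:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical recipient hook interface, not Sablier's actual interface.
interface IRecipientHook {
    function onCancel(uint256 streamId, uint256 refund) external;
}

contract LockupExample {
    mapping(uint256 => address) public recipient; // stream id -> NFT holder (e.g. the marketplace)
    mapping(uint256 => bool) public canceled;
    uint256 internal constant MIN_HOOK_GAS = 100_000; // assumed floor; tune per hook

    function _settle(uint256 streamId) internal returns (uint256 refund) {
        require(!canceled[streamId], "already canceled");
        canceled[streamId] = true;
        refund = 1 ether; // constructed placeholder for the sender's refund
    }

    // Vulnerable pattern: cancel succeeds whether or not the hook ran.
    // The caller can size the transaction gas so the hook runs out of gas
    // (EIP-150 forwards at most 63/64 of the remaining gas); the empty catch
    // swallows the failure and the recipient's state is never updated.
    function cancelVulnerable(uint256 streamId) external {
        uint256 refund = _settle(streamId);
        try IRecipientHook(recipient[streamId]).onCancel(streamId, refund) {} catch {}
    }

    // Hardened pattern: demand a gas budget before the call, and treat a
    // failure that leaves only the 1/64 reserve as out-of-gas rather than a
    // deliberate revert by the hook.
    function cancelHardened(uint256 streamId) external {
        uint256 refund = _settle(streamId);
        uint256 gasBefore = gasleft();
        require(gasBefore >= MIN_HOOK_GAS, "insufficient gas for hook");
        try IRecipientHook(recipient[streamId]).onCancel(streamId, refund) {
        } catch {
            // After an out-of-gas failure the callee has burned all forwarded
            // gas, so roughly gasBefore/64 or less remains: do not let cancel succeed.
            require(gasleft() > gasBefore / 64, "hook out of gas");
        }
    }
}
```

The simplest alternative is to drop try/catch entirely and let a hook failure revert the cancel, which is what a marketplace relying on the notification actually needs.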

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic
0xnevi Judge over 1 year ago
inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Someone could skip callback by sending just the right amount of gas
