NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

Use safeTransferFrom instead of transferFrom for ERC721

Summary

Tokens transferred out of the contract during unstaking will be lost if the receiver does not support ERC721.

Vulnerability Details

The recipient could have logic in the onERC721Received() function, which is only triggered in the safeTransferFrom() function and not in transferFrom().

Ref: https://eips.ethereum.org/EIPS/eip-721

Code Snippet

https://github.com/jauvany/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/ethereum/src/Escrow.sol#L39

IERC721(collection).transferFrom(msg.sender, address(this), id);

Impact

There is a potential loss of NFTs if the recipient is unable to handle the sent ERC721s.

Tools Used

Manual analysis

Recommendations

Use safeTransferFrom instead of transferFrom to check that the receiving address supports the ERC721 implementation.
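As an added illustration of the difference this submission describes (not code from the submission or from the Ark project; `ExampleEscrow`, `deposit`, `withdraw` and `depositorOf` are hypothetical names), the contract below shows both transfer directions under EIP-721. A safe deposit into `address(this)` succeeds only if the escrow itself implements `onERC721Received`, and a safe withdrawal reverts for contract recipients that lack it while also handing the recipient a callback, so state is updated before the call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal EIP-721 interfaces, declared inline so the file is self-contained.
interface IERC721 {
    function transferFrom(address from, address to, uint256 tokenId) external;
    function safeTransferFrom(address from, address to, uint256 tokenId) external;
}

interface IERC721Receiver {
    function onERC721Received(address operator, address from, uint256 tokenId, bytes calldata data)
        external returns (bytes4);
}

// Hypothetical escrow for illustration only; not the Ark project's Escrow.sol.
contract ExampleEscrow is IERC721Receiver {
    mapping(address => mapping(uint256 => address)) public depositorOf;

    // Deposit: the receiver is this contract. transferFrom performs no callback.
    // safeTransferFrom calls onERC721Received on address(this), so the escrow
    // must implement it (below) or every deposit reverts.
    function deposit(address collection, uint256 id) external {
        IERC721(collection).safeTransferFrom(msg.sender, address(this), id);
        depositorOf[collection][id] = msg.sender;
    }

    // Withdraw: the receiver is arbitrary. With safeTransferFrom, a contract
    // recipient without onERC721Received causes a revert instead of a stuck token.
    // The callback gives the recipient control, so state is cleared first.
    function withdraw(address collection, uint256 id, address to) external {
        require(depositorOf[collection][id] == msg.sender, "not depositor");
        delete depositorOf[collection][id];
        IERC721(collection).safeTransferFrom(address(this), to, id);
    }

    // Accept only transfers this contract initiated itself (a design assumption
    // of this example); return the magic value EIP-721 requires.
    function onERC721Received(address operator, address, uint256, bytes calldata)
        external view override returns (bytes4)
    {
        require(operator == address(this), "unsolicited transfer");
        return IERC721Receiver.onERC721Received.selector;
    }
}
```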

Updates

Lead Judging Commences

n0kto Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational / Gas

Please do not suppose impacts; think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity

A PoC always helps to understand the real impact possible.
