NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

`StarklaneEscrow::_withdrawFromEscrow` has no validation of input parameters like `collection`, `to`, and `id`, which can lead to errors.

Summary

The `StarklaneEscrow::_withdrawFromEscrow` function withdraws a token from escrow. It does not validate its inputs, so invalid addresses or IDs could cause unexpected behavior or errors.

Vulnerability Details

```solidity
IERC721(collection).safeTransferFrom(from, to, id);
IERC1155(collection).safeTransferFrom(from, to, id, 1, "");
```

```solidity
    function _withdrawFromEscrow(
        CollectionType collectionType,
        address collection,
        address to,
        uint256 id
    )
        internal
        returns (bool)
    {
        if (!_isEscrowed(collection, id)) {
            return false;
        }

        address from = address(this);

        if (collectionType == CollectionType.ERC721) {
@>          IERC721(collection).safeTransferFrom(from, to, id); //@audit
        } else {
            // TODO:
            // Check here if the token supply is currently 0.
@>          IERC1155(collection).safeTransferFrom(from, to, id, 1, ""); //@audit
        }

        _escrow[collection][id] = address(0x0);

        return true;
    }
```

Impact

Missing input validation can lead to unexpected behavior or errors.

Tools Used

Manual review

Recommendations

Implement checks to validate input parameters.
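
One way the recommendation could be made concrete for the three named parameters, as an added example that is not part of the submission or of the Starklane code base. The contract name, the two custom errors, the `_escrow` layout and the `_isEscrowed` body are assumptions; the token interfaces are trimmed to the single call each one needs.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added example, not Starklane code. Interfaces are declared inline so the file compiles alone.
interface IERC721 {
    function safeTransferFrom(address from, address to, uint256 tokenId) external;
}
interface IERC1155 {
    function safeTransferFrom(address from, address to, uint256 id, uint256 value, bytes calldata data) external;
}

enum CollectionType { ERC721, ERC1155 }

abstract contract EscrowWithInputChecks {
    error ZeroRecipient();                             // hypothetical error name
    error CollectionNotContract(address collection);   // hypothetical error name

    // Assumed layout: collection => token id => depositor (address(0) = not escrowed).
    mapping(address => mapping(uint256 => address)) internal _escrow;

    // Assumed implementation; the submission only shows the call site.
    function _isEscrowed(address collection, uint256 id) internal view returns (bool) {
        return _escrow[collection][id] != address(0);
    }

    function _withdrawFromEscrow(
        CollectionType collectionType,
        address collection,
        address to,
        uint256 id
    ) internal returns (bool) {
        // `to`: reject the zero address up front with a specific error.
        if (to == address(0)) revert ZeroRecipient();
        // `collection`: an address without code cannot be a token contract.
        if (collection.code.length == 0) revert CollectionNotContract(collection);
        // `collection` + `id`: only pairs recorded in escrow may be withdrawn.
        if (!_isEscrowed(collection, id)) return false;

        address from = address(this);
        if (collectionType == CollectionType.ERC721) {
            IERC721(collection).safeTransferFrom(from, to, id);
        } else {
            IERC1155(collection).safeTransferFrom(from, to, id, 1, "");
        }
        _escrow[collection][id] = address(0);
        return true;
    }
}
```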

Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic
Assigned finding tags:

Informational / Gas

Please do not suppose impacts; think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity

A PoC always helps to understand the real impact possible.
