The _depositIntoEscrow() function uses transferFrom() directly from the ERC721, which is considered unsafe. Not using safeTransferFrom while depositing tokens to the escrow in a bridge contract can lead to security issues due to non-compliance with the ERC721 standard.
The safeTransferFrom method in ERC721 ensures that the receiving contract is prepared to handle ERC721 tokens, which prevents tokens from being locked in contracts that do not recognize them. Omitting this call can result in tokens being sent to contracts without proper handling mechanisms.
Not using safeTransferFrom() can result in irreversible loss of tokens, as they may become stuck in contracts that cannot interact with them.
Manual code review
It is advised to update the token transfer logic to include safeTransferFrom instead of a regular transfer method.
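What switching a deposit to safeTransferFrom requires of the receiving escrow, as an added example that is not part of the submission or of the audited code. `EscrowSketch`, `deposit`, `depositorOf` and `_depositing` are hypothetical names; the two interfaces are the standard ERC-721 ones.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Only the parts of the ERC-721 interfaces that this sketch uses.
interface IERC721 {
    function transferFrom(address from, address to, uint256 tokenId) external;
    function safeTransferFrom(address from, address to, uint256 tokenId) external;
}

interface IERC721Receiver {
    function onERC721Received(address operator, address from, uint256 tokenId, bytes calldata data)
        external returns (bytes4);
}

// Hypothetical escrow (assumption: the depositor has approved this contract).
contract EscrowSketch is IERC721Receiver {
    // collection => tokenId => depositor
    mapping(address => mapping(uint256 => address)) public depositorOf;
    // True only while deposit() runs, so the hook can reject unsolicited transfers.
    bool private _depositing;

    event Deposited(address indexed collection, uint256 indexed tokenId, address indexed from);

    function deposit(address collection, uint256 tokenId) external {
        // State is written before the external call: safeTransferFrom hands
        // control to the recipient hook, which is a reentrancy surface.
        depositorOf[collection][tokenId] = msg.sender;
        _depositing = true;
        // Reverts unless the recipient (this contract) returns the magic value below.
        IERC721(collection).safeTransferFrom(msg.sender, address(this), tokenId);
        _depositing = false;
        emit Deposited(collection, tokenId, msg.sender);
    }

    // Called by the token contract during safeTransferFrom when the recipient is a contract.
    function onERC721Received(address operator, address, uint256, bytes calldata)
        external view override returns (bytes4)
    {
        // operator is the caller of safeTransferFrom, i.e. this escrow during deposit().
        require(_depositing && operator == address(this), "unsolicited transfer");
        return IERC721Receiver.onERC721Received.selector; // 0x150b7a02
    }
}
```

With plain transferFrom the hook is never called, so the transfer succeeds whether or not the recipient implements IERC721Receiver.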
Please do not suppose impacts; think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity. A PoC always helps to understand the real impact possible.