Dria
Swan
NFTHardhat
21,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Swan.sol does not implement necessary interface to handle Nfts

bhunter

Summary

Swan contract supposed to receive and transfer the assets(ntfs), however it does not support necessary interface

Vulnerability Details

The purchase function in Swan contract is defined as:

function purchase(address _asset) external {
//SNIP
// transfer asset from seller to Swan, and then from Swan to buyer
// this ensure that only approval to Swan is enough for the sellers
SwanAsset(_asset).transferFrom(listing.seller, address(this), 1);
SwanAsset(_asset).transferFrom(address(this), listing.buyer, 1);
// transfer money
token.transferFrom(listing.buyer, address(this), listing.price);
token.transfer(listing.seller, listing.price);
emit AssetSold(listing.seller, msg.sender, _asset, listing.price);
}

The function transfer the asset from seller to swan contract and later to buyer. However the contract does not implement ERC721TokenReceiver nor
onERC721Received function.

Ref:https://eips.ethereum.org/EIPS/eip-721

Impact

The contract will not able to handle the Nfts

Tools Used

Manual Review

Recommendations

Implement the necessary interface and functions

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Known issue

Appeal created

bhunter Submitter
12 months ago
inallhonesty Lead Judge
12 months ago
inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Known issue

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.