The Swan::purchase function facilitates the transfer of SwanAsset ERC721 tokens from the seller to the buyer assuming approvals are already set up. However, there’s no guarantee that approvals exist if approvals are altered. It performs two transferFrom operations:
These calls assume that the necessary approvals are in place, specifically that the Swan contract is approved to transfer the SwanAsset on behalf of the seller. While the SwanAsset constructor sets Swan as an approved operator, there's an inherent risk if approvals are altered or revoked during the execution of the purchase function. If the seller revokes approval before both transfers complete, it could lead to transaction failures or inconsistencies between the asset's ownership and the contract's state.
Here's how a discrepancy will occur.
The seller lists their SwanAsset for sale, ensuring that Swan is set as an approved operator.
A buyer initiates the purchase function for the listed asset.
Before the purchase function completes, the seller revoke or alter the approval of the Swan contract for the SwanAsset.
The first transferFrom call (seller to Swan) succeeds, transferring the asset to the Swan contract.
The second transferFrom call (Swan to buyer) fails due to revoked or altered approvals.
The listing.status
is updated to Sold despite the asset not being successfully transferred to the buyer.
This enables sellers to receive funds without transferring assets, leading to financial losses for buyers. While direct exploitation requires specific actions by the seller, the impact on market integrity and user trust is significant.
Manual Review
Employ OZ's SafeERC20 and SafeERC721 libraries to handle token transfers securely, ensuring that any failures during transfers revert the entire transaction.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.