Dria

Swan
NFTHardhat
21,000 USDC
Submission Details
Severity: medium
Invalid

NFT transfer blocks new owner from relisting for sale

Summary

In the current implementation, once a user lists an NFT for sale, they remain recorded as the seller in the AssetListing data structure, even if they transfer the NFT to another address. This prevents the new NFT owner from relisting or selling the asset, effectively locking the asset in an unsellable state.

The relist() function requires the caller to be the recorded seller, blocking the current owner from initiating a new sale.

Vulnerability Details

When a seller (e.g., Alice) lists an NFT for sale, the contract creates an entry in listings that stores Alice as the seller:

address asset = address(swanAssetFactory.deploy(_name, _symbol, _desc, msg.sender));
listings[asset] = AssetListing({
    createdAt: block.timestamp,
    royaltyFee: buyer.royaltyFee(),
    price: _price,
    seller: msg.sender, // <-- seller is fixed at listing time and never updated
    status: AssetStatus.Listed,
    buyer: _buyer,
    round: round
});

However, if Alice transfers the NFT to another address (e.g., Bob), Bob cannot relist the asset because the relist() function checks that the caller matches the recorded seller:

// only the seller can relist the asset
if (asset.seller != msg.sender) {
    revert Unauthorized(msg.sender); // this check blocks new owners from relisting
}

Since the seller remains set to Alice, Bob fails the authorization check, preventing any further sale of the asset unless Alice reacquires the NFT.
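As an added illustration (not Swan's code), a reduced marketplace that shows the stale-seller authorisation beside a relist that checks the NFT's current owner and refreshes the seller field; the IERC721Owner interface, the ListingDemo contract and the fixed token id 1 are assumptions, the last one taken from the recommendation below.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal owner lookup; the real asset contract is assumed to expose ownerOf.
interface IERC721Owner {
    function ownerOf(uint256 tokenId) external view returns (address);
}

contract ListingDemo {
    enum AssetStatus { Unlisted, Listed, Sold }

    struct AssetListing {
        uint256 createdAt;
        uint256 price;
        address seller;   // recorded once at listing time
        AssetStatus status;
    }

    error Unauthorized(address caller);
    error NotListed(address asset);

    // Assumption: each listed asset is a single-token NFT with id 1.
    uint256 public constant TOKEN_ID = 1;

    mapping(address => AssetListing) public listings;

    function list(address asset, uint256 price) external {
        listings[asset] = AssetListing(block.timestamp, price, msg.sender, AssetStatus.Listed);
    }

    // Vulnerable pattern: authorises on the stale seller field, so a transferee can never relist.
    function relistStale(address asset, uint256 price) external {
        AssetListing storage l = listings[asset];
        if (l.seller != msg.sender) revert Unauthorized(msg.sender);
        l.price = price;
        l.createdAt = block.timestamp;
        l.status = AssetStatus.Listed;
    }

    // Hardened: authorise on the NFT's current owner and refresh seller,
    // so any later logic that reads seller follows the new owner.
    function relistByOwner(address asset, uint256 price) external {
        AssetListing storage l = listings[asset];
        if (l.status == AssetStatus.Unlisted) revert NotListed(asset);
        if (IERC721Owner(asset).ownerOf(TOKEN_ID) != msg.sender) revert Unauthorized(msg.sender);
        l.seller = msg.sender;
        l.price = price;
        l.createdAt = block.timestamp;
        l.status = AssetStatus.Listed;
    }
}
```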

Impact

This vulnerability locks the asset, preventing new NFT owners from listing or selling it. As a result, marketplace functionality is disrupted for transferred assets.

Tools Used

Manual Review

Recommendations

Modify the relist() function to check the current owner of the NFT rather than relying on the initial seller recorded in AssetListing.

- if (asset.seller != msg.sender) {
+ if (SwanAsset(_asset).ownerOf(1) != msg.sender) {
revert Unauthorized(msg.sender);
}
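Review bot: the replacement line only changes the authorisation check; listings[_asset].seller still holds the original seller after a successful relist, so any later logic that reads asset.seller will still refer to the previous owner. Suggest also setting `asset.seller = msg.sender;` once the ownerOf check passes. Two smaller points: the hardcoded token id `1` assumes every SwanAsset mints exactly one token with that id and should be confirmed against the asset contract, and `_asset` (the address) and `asset` (the listing struct used on the removed line) need to refer to the same listing.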
Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
