Lack of `IERC721Receiver ` implementation on BuyerAgent, leading to Potentially Locked NFTs.
Vulnerability Details
In the BuyerAgent.sol contract, the buyer agent receives NFTs via the purchase() function. However, the BuyerAgent contract does not implement the IERC721Receiver interface, which is required for contracts that receive ERC721 tokens (NFTs).
When an NFT is transferred to a contract that does not implement the IERC721Receiver interface, the transfer may succeed, but the NFT could become inaccessible or permanently locked within the contract. This is because ERC721 tokens require contracts to implement the onERC721Received() function to safely handle incoming NFT transfers.
Impact
Locked NFTs: NFTs transferred to the BuyerAgent contract may become permanently inaccessible if the contract does not implement IERC721Receiver. This could result in assets being locked within the contract with no way to recover or transfer them.
Non-Standard Behavior: The lack of IERC721Receiver implementation violates standard ERC721 practices, which expect receiving contracts to implement this interface
Tools Used
Manual review
Recommendations
Implement IERC721Receiver Interface on BuyerAgent contract : The BuyerAgent contract should implement the IERC721Receiver interface to ensure that it can safely receive and manage NFTs. This includes implementing the onERC721Received() function.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.