TokenDivider::claimNft() transfers NFT ownership with safeTransferFrom(), but it never explicitly verifies that the transfer succeeded. OpenZeppelin's ERC721 guarantees correct behavior, yet an explicit ownership check after the call is cheap and protects the contract when it interacts with non-standard ERC721 implementations.
After burning all ERC-20 fractions, the function transfers the NFT but does not confirm that msg.sender actually became the new owner. In OpenZeppelin's implementation, safeTransferFrom() updates ownership before calling onERC721Received(), so the risk is low there. If nftAddress refers to a non-standard ERC721 implementation that does not properly update ownership, however, the fractions are already burned while the NFT could be lost or remain locked in the contract.
The issue arises when the divider interacts with a non-compliant or malicious NFT contract that does not correctly update ownership.
This could cause asset loss if a faulty ERC721 implementation lets the fractions be burned and state be updated before the ownership transfer actually completes.
Manual review
To enhance security, add an explicit verification step after safeTransferFrom():
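The following is an added illustration of the recommended check, not the audited TokenDivider code. It assumes a minimal divider that is itself the ERC-20 fraction token and holds one NFT (storage names nftAddress, tokenId and the error names are assumptions); the substance is the ownerOf() read after safeTransferFrom().

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC721} from "@openzeppelin/contracts/token/ERC721/IERC721.sol";
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";

// Illustrative divider: the contract is the fraction token and custodies one NFT.
// Not the audited contract; names below other than nftAddress are assumptions.
contract TokenDividerExample is ERC20 {
    address public immutable nftAddress;
    uint256 public immutable tokenId;

    error NotAllFractionsHeld(uint256 held, uint256 total);
    error NftTransferNotConfirmed(address expected, address actual);

    constructor(address _nftAddress, uint256 _tokenId, uint256 fractionSupply)
        ERC20("NFT Fraction", "FRAC")
    {
        nftAddress = _nftAddress;
        tokenId = _tokenId;
        _mint(msg.sender, fractionSupply);
    }

    // Caller must hold every fraction; they are burned, then the NFT is released.
    function claimNft() external {
        uint256 total = totalSupply();
        uint256 held = balanceOf(msg.sender);
        if (held != total) revert NotAllFractionsHeld(held, total);

        // Effects before interactions: burn all fractions first.
        _burn(msg.sender, total);

        IERC721 nft = IERC721(nftAddress);
        nft.safeTransferFrom(address(this), msg.sender, tokenId);

        // Explicit post-transfer verification. A compliant ERC721 always passes;
        // a non-standard one that failed to update ownership makes the whole
        // transaction revert, which also restores the burned fractions.
        address newOwner = nft.ownerOf(tokenId);
        if (newOwner != msg.sender) {
            revert NftTransferNotConfirmed(msg.sender, newOwner);
        }
    }
}
```

The check defends against buggy or non-standard implementations; a contract that deliberately lies in ownerOf() can still pass it, so restricting nftAddress to vetted collections remains the stronger control.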