DatingDapp

First Flight #33
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: high
Invalid

Soulbound NFT can be transferred to other account

Summary

A Soulbound NFT can be transferred to another account, but it must not be possible to do that.

Vulnerability Details

Contract `SoulboundProfileNFT` overrides function `transferFrom(address, address, uint256)` and function `safeTransferFrom(address, address, uint256, bytes memory)` to disallow transfers of the NFT. However, the contract does not override function `safeTransferFrom(address, address, uint256)`, and users can transfer the NFT using this function.

Impact

A Soulbound NFT can be transferred to another account.

Tools Used

Manual review

Recommendations

Override the function:

+function safeTransferFrom(address, address, uint256) public pure override {
+ // Soulbound token cannot be transferred
+ revert SoulboundTokenCannotBeTransferred();
+}
function safeTransferFrom(address, address, uint256, bytes memory) public pure override {
// Soulbound token cannot be transferred
revert SoulboundTokenCannotBeTransferred();
}
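
Review bot: The added three-argument `safeTransferFrom` is declared `public pure override`, which only compiles if the inherited contract exposes that exact signature as `virtual`; the patch does not show the parent, so confirm this before applying. If the parent instead forwards the three-argument overload to the four-argument one, the existing revert in the context lines already covers that path and the addition is redundant. Either way, add a test that calls the three-argument overload directly and expects `SoulboundTokenCannotBeTransferred`.
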
Updates

Appeal created

n0kto Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding_safeTransferFrom_not_fully_override

Likelihood: Anyone can call `safeTransferFrom(address, address, uint256, bytes memory)`
Impact: Medium/High, NFT are not Soulbound anymore.

riceee Auditor
7 months ago
osuolale Auditor
7 months ago
mnedelchev_ Auditor
7 months ago
n0kto Lead Judge
7 months ago
n0kto Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
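
Whether the three-argument overload needs its own override depends on how the inherited ERC721 declares it. The sketch below is an added example, not the DatingDapp source or the judge's material: `MiniERC721`, `SoulboundSketch` and `OverloadCheck` are hypothetical, and the base is assumed to declare the three-argument overload non-virtual and forward it to the four-argument one.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added example, not the DatingDapp source. MiniERC721 is a hypothetical base that
// ASSUMES the three-argument overload is non-virtual and forwards to the four-argument one.
contract MiniERC721 {
    mapping(uint256 => address) public ownerOf;

    function transferFrom(address from, address to, uint256 tokenId) public virtual {
        require(ownerOf[tokenId] == from && msg.sender == from, "not owner");
        ownerOf[tokenId] = to;
    }

    // Not virtual: a child cannot override it, and it always forwards.
    function safeTransferFrom(address from, address to, uint256 tokenId) public {
        safeTransferFrom(from, to, tokenId, "");
    }

    function safeTransferFrom(address from, address to, uint256 tokenId, bytes memory) public virtual {
        transferFrom(from, to, tokenId);
    }
}

contract SoulboundSketch is MiniERC721 {
    error SoulboundTokenCannotBeTransferred();

    function mint(uint256 tokenId) external {
        ownerOf[tokenId] = msg.sender;
    }

    function transferFrom(address, address, uint256) public pure override {
        revert SoulboundTokenCannotBeTransferred();
    }

    function safeTransferFrom(address, address, uint256, bytes memory) public pure override {
        revert SoulboundTokenCannotBeTransferred();
    }
}

contract OverloadCheck {
    // True when the three-argument call ends in the four-argument override's custom error.
    function threeArgOverloadReverts() external returns (bool) {
        SoulboundSketch nft = new SoulboundSketch();
        nft.mint(1); // token 1 is owned by this contract
        try nft.safeTransferFrom(address(this), address(0xBEEF), 1) {
            return false; // transfer went through: not soulbound
        } catch (bytes memory reason) {
            return bytes4(reason) == SoulboundSketch.SoulboundTokenCannotBeTransferred.selector;
        }
    }
}
```

With a base that declares the three-argument overload `virtual` and does not forward it, the same check would return `false`, which is the case the submission's recommendation targets.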
