Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

The rescueToken function currently only handles the rescue of ERC20 tokens, but not NFTs (ERC721)

Summary

The rescueToken function currently only handles the rescue of ERC20 tokens, but not NFTs (ERC721).

Vulnerability Details

function rescueToken(address tokenAddress, address recipient, uint256 amount) external onlyOwner {
    require(tokenAddress != reserve.reserveRTokenAddress, "Cannot rescue RToken");
    IERC20(tokenAddress).safeTransfer(recipient, amount);
}

If there is a possibility of an NFT being transferred to the contract by mistake, a dedicated function should be added to handle this situation, similar to the rescue of ERC20 tokens above.

Impact

If only the rescue of ERC20 tokens (not reserve.reserveRTokenAddress) is considered, without considering other rescues, this will cause the redundant (mis-stored) NFT to be permanently frozen.

Tools Used

Manual review

Recommendations

/**
 * @notice Rescue NFTs mistakenly sent to this contract
 * @dev Only callable by the contract owner
 * @param nftAddress The address of the ERC721 NFT contract
 * @param recipient The address to send the rescued NFT to
 * @param tokenId The tokenId of the NFT to rescue
 */
function rescueNFT(address nftAddress, address recipient, uint256 tokenId) external onlyOwner {
    require(nftAddress != address(raacNFT), "Cannot rescue reserve NFT");
    IERC721(nftAddress).safeTransferFrom(address(this), recipient, tokenId);
}

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
