The StabilityPool contract fails to accept NFTs transferred via the raacNFT.transferFrom() function because it does not implement the IERC721Receiver interface required to receive ERC721 tokens. NFT transfers during liquidation therefore fail, which can disrupt the liquidation process and the transfer of funds in the protocol.
The StabilityPool contract is intended to receive NFTs during the liquidation process. However, the contract does not implement the onERC721Received() function, which is required to handle the safe receipt of NFTs in compliance with the ERC721 standard. Without this function, the StabilityPool will reject incoming NFTs sent by the raacNFT.transferFrom() call, resulting in failed liquidations (in the finalizeLiquidation function of the LendingPool smart contract).
The vulnerable function is:
The StabilityPool does not handle the onERC721Received callback, leading to failed transfers of NFTs from users’ addresses to the stability pool during liquidation.
Disruption of liquidation process: If NFTs are not successfully transferred to the StabilityPool, the liquidation process cannot be completed as intended. This results in the inability to finalize debt payments, creating a potential loss of funds and liquidity within the system.
Protocol malfunction: The inability to manage NFT transfers could trigger errors and impact the protocol’s overall stability, especially in automated liquidation scenarios.
User dissatisfaction: Users relying on the liquidation process to resolve debt could face issues with their NFTs not being returned or properly processed.
Manual Review of Smart Contract Code
Implement IERC721Receiver: The StabilityPool contract must implement the IERC721Receiver interface and the required onERC721Received() callback to handle incoming NFT transfers.
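A receiver along the lines of this recommendation, written as an added example and not taken from the protocol's code base. The contract name, the `raacNFT` and `lendingPool` immutables, the custom errors and the event are assumptions made for illustration; the check on `operator` assumes the LendingPool is the caller that moves the NFT in finalizeLiquidation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";

/// Added sketch, not the protocol's StabilityPool. It shows only the receiver
/// hook; `raacNFT` and `lendingPool` are hypothetical names for addresses
/// fixed at deployment.
contract StabilityPoolReceiverSketch is IERC721Receiver {
    address public immutable raacNFT;      // assumed: the NFT collection used as collateral
    address public immutable lendingPool;  // assumed: the contract that runs finalizeLiquidation

    error UnexpectedCollection(address collection);
    error UnexpectedOperator(address operator);

    event NFTReceived(address indexed from, uint256 indexed tokenId);

    constructor(address raacNFT_, address lendingPool_) {
        require(raacNFT_ != address(0) && lendingPool_ != address(0), "zero address");
        raacNFT = raacNFT_;
        lendingPool = lendingPool_;
    }

    /// ERC-721 invokes this hook on a contract recipient during safeTransferFrom.
    /// Returning the selector signals acceptance; any other value or a revert
    /// makes the safe transfer fail.
    function onERC721Received(
        address operator,
        address from,
        uint256 tokenId,
        bytes calldata /* data */
    ) external override returns (bytes4) {
        // msg.sender is the token contract making the callback, so this
        // rejects tokens from any collection other than the expected one.
        if (msg.sender != raacNFT) revert UnexpectedCollection(msg.sender);

        // operator is the account that called safeTransferFrom; accepting only
        // the lending pool keeps unsolicited NFTs out of the pool's balance.
        if (operator != lendingPool) revert UnexpectedOperator(operator);

        emit NFTReceived(from, tokenId);
        return IERC721Receiver.onERC721Received.selector;
    }
}
```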