Lack of onERC721Received implementation can prevent contract from NFT Liquidation.
Summary
The NFTLquidator contracts lacks an onERC721Received implementation which is required by the ERC721 standard for receiving NFTs via transferFrom function. The omision deprives the contract of accepting liquidated NFTs, effectively hauting the liquidation process.
Vulnerability Details
In the liquidateNFT function, an NFT is transferred to the NFTLiquidator contract using nftContract.transferFrom(msg.sender, address(this), tokenId). Per the ERC721 standard, the token contract calls onERC721Received on the recepient(The NFTLiquidator). Since the NFTLiquidator lacks this implementation, the transferFrom call reverts, causing the entire NFTLiquidate function to fail.
Impact
The absence of onERC721Received renders the liquidation mechanism inoperable. NFT's cannot be transfered to the contract, preventing auctions and buybacks from proceeding. This undermines the contract's main functionality.
Tools Used
Manual review
Recommendations
Implement the onERC721Received function in NFTLiquidator to allow proper receipt of ERC721 tokens.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.