cemozerr
commented
3 years ago Marking this as high risk because one nefarious feeReceiver can in fact deny other users to receive their fees
Open code423n4 opened 3 years ago
cemozerr
commented
3 years ago Marking this as high risk because one nefarious feeReceiver can in fact deny other users to receive their fees
Handle
@cmichelio
Vulnerability details
Vulnerability Details
NFTXEligiblityManager._sendForReceivershould checkreturnData.length == 1before decoding, otherwise if it returns no return data, theabi.decodecall and with it the wholedistributefunction will revert.Impact
A single badly implemented
feeReceivercan break the wholedistributefunction and do a denial of service by reverting the transaction.Recommended Mitigation Steps
Change to:
bool tokensReceived = returnData.length == 1 && abi.decode(returnData, (bool));.