cemozerr
commented
3 years ago Keeping this as low-risk as flash loan returning the project does not pose a security threat for the NFTX project itself
Open code423n4 opened 3 years ago
cemozerr
commented
3 years ago Keeping this as low-risk as flash loan returning the project does not pose a security threat for the NFTX project itself
Handle
@cmichelio
Vulnerability details
Vulnerability Details
The
NFTXVaultUpgradeable.flashLoanis not correctly implemented according to EIP-3156 (but it tries to implement it as it inherits fromIERC3156FlashLenderUpgradeable).It misses the return and currently always returns
false.Impact
Always returning
falseindicates that the flash loan was unsuccessful when in reality it could have been successful. This breaks any contract trying to integrate with it.Recommended Mitigation Steps
Add the return statement:
return super.flashLoan(...)