NFTXUniqueEligibility/NFTXDenyEligibility use a reverseEligOnRedeem flag.
The eligibility is only checked by the vault on mint.
After the mint, the eligibility of the NFT can be changed back to ineligible.
Given the name reverseEligOnRedeem, one would expect the flag to reverse/toggle the eligibility on redeem, but it always sets it to ineligible instead.
It acts like an uneligOnRedeem flag.
Impact
This could be a logic error, or just a misnaming that vault managers may misinterpret.
Recommended Mitigation Steps
Change the name to uneligOnRedeem or fix the afterRedeemHook implementations to actually toggle the eligibility.
Handle
@cmichelio
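The mismatch described in this finding, as an added Solidity sketch that is not the NFTX contracts' code: only the names reverseEligOnRedeem and afterRedeemHook come from the report, while the contract, mapping, setter and the two function variants are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical, simplified eligibility module (assumption, not NFTX code).
// Access control is omitted to keep the sketch focused on the flag semantics.
contract EligibilitySketch {
    // tokenId => may be minted into the vault
    mapping(uint256 => bool) public isEligible;
    bool public reverseEligOnRedeem = true;

    // Stand-in for eligibility being changed after the mint (assumed setter).
    function setEligible(uint256 tokenId, bool eligible) external {
        isEligible[tokenId] = eligible;
    }

    // Behaviour the report describes: redeem always clears eligibility,
    // regardless of the token's current state.
    function afterRedeemHookAsReported(uint256[] calldata tokenIds) external {
        if (!reverseEligOnRedeem) return;
        for (uint256 i = 0; i < tokenIds.length; i++) {
            isEligible[tokenIds[i]] = false;
        }
    }

    // Behaviour the flag name suggests: redeem flips the current state.
    function afterRedeemHookToggling(uint256[] calldata tokenIds) external {
        if (!reverseEligOnRedeem) return;
        for (uint256 i = 0; i < tokenIds.length; i++) {
            isEligible[tokenIds[i]] = !isEligible[tokenIds[i]];
        }
    }
}
```

For a token that was set to ineligible after its mint, the as-reported hook leaves isEligible false on redeem, while the toggling hook sets it back to true; the two variants only agree when the token is still eligible at redeem time.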