Closed code423n4 closed 3 years ago
JMukesh
Handle
JMukesh
Vulnerability details
Impact
The user should know the reason why a certain condition failed, which is why a message should be provided with require().
Proof of Concept
In the same deposit() function, a require message is used on one line:
require(pool.stakingToken != address(0), "LPStaking: Nonexistent pool");
but on the next line a require message is not used:
require(IERC20Upgradeable(pool.stakingToken).transferFrom(msg.sender, address(this), amount));
https://github.com/code-423n4/2021-05-nftx/blob/main/nftx-protocol-v2/contracts/solidity/NFTXLPStaking.sol#L118
Tools Used
Recommended Mitigation Steps
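The following is an added example, not part of the original report or of the NFTX code base. It shows what a caller receives in each case: `require(cond, "msg")` reverts with ABI-encoded `Error(string)` data, while a bare `require(cond)` that fails reverts with empty return data, so a wallet or script has nothing to display. The function names and the sample payload are constructed for illustration.

```python
# Added example: what off-chain tooling can recover from a revert.
# Error(string) selector: first 4 bytes of keccak256("Error(string)").
ERROR_SELECTOR = bytes.fromhex("08c379a0")


def encode_error_string(reason: str) -> bytes:
    """Build the revert data Solidity emits for require(cond, reason)."""
    raw = reason.encode("utf-8")
    padded = raw + b"\x00" * (-len(raw) % 32)   # right-pad to a 32-byte word
    return (
        ERROR_SELECTOR
        + (32).to_bytes(32, "big")              # offset of the string data
        + len(raw).to_bytes(32, "big")          # string length in bytes
        + padded
    )


def decode_revert_reason(data: bytes):
    """Return the reason string, or None when the revert carries no message."""
    if len(data) == 0:
        return None                             # bare require(cond) failed
    if len(data) < 4 + 64 or data[:4] != ERROR_SELECTOR:
        raise ValueError("not an Error(string) payload")
    body = data[4:]
    offset = int.from_bytes(body[0:32], "big")
    if offset + 32 > len(body):
        raise ValueError("string offset out of range")
    length = int.from_bytes(body[offset:offset + 32], "big")
    start = offset + 32
    if start + length > len(body):
        raise ValueError("string length out of range")
    return body[start:start + length].decode("utf-8", errors="replace")


if __name__ == "__main__":
    # Constructed sample: revert data for the first require in deposit().
    with_message = encode_error_string("LPStaking: Nonexistent pool")
    # Constructed sample: revert data when the bare require on transferFrom fails.
    without_message = b""
    print(decode_revert_reason(with_message))
    print(decode_revert_reason(without_message))
```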