code-423n4 / 2021-06-pooltogether-findings


`onERC721Received` not implemented in `PrizePool` #118

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

shw

Vulnerability details

Impact

The `PrizePool` contract does not implement the `onERC721Received` function, which is considered a best practice to transfer ERC721 tokens from contracts to contracts. The absence of this function could prevent `PrizePool` from receiving ERC721 tokens from other contracts via `safeTransferFrom`.

Proof of Concept

Referenced code: PrizePool.sol

Recommended Mitigation Steps

Consider adding an implementation of the `onERC721Received` function in `PrizePool`.
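The receiver check behind this finding, as an added example that is not part of the original report or the PoolTogether code base. `MiniERC721`, `PoolWithoutHook` and `PoolWithHook` are hypothetical stand-ins, approvals are omitted, and the Solidity 0.8 pragma is an assumption made for the sketch.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Added illustration; the contract names below are hypothetical, not PoolTogether code.

interface IERC721Receiver {
    function onERC721Received(address operator, address from, uint256 tokenId, bytes calldata data)
        external returns (bytes4);
}

// Minimal token showing only the receiver check that ERC-721 requires of safeTransferFrom.
contract MiniERC721 {
    mapping(uint256 => address) public ownerOf;

    function mint(address to, uint256 tokenId) external {
        require(ownerOf[tokenId] == address(0), "already minted");
        ownerOf[tokenId] = to;
    }

    // Simplified: only the owner may transfer (no approvals or operators).
    function safeTransferFrom(address from, address to, uint256 tokenId) external {
        require(ownerOf[tokenId] == from && msg.sender == from, "not owner");
        ownerOf[tokenId] = to;
        if (to.code.length > 0) {
            // A contract recipient must return the selector 0x150b7a02, otherwise
            // the whole transfer reverts and ownership is left unchanged.
            try IERC721Receiver(to).onERC721Received(msg.sender, from, tokenId, "") returns (bytes4 ret) {
                require(ret == IERC721Receiver.onERC721Received.selector, "receiver rejected token");
            } catch {
                revert("transfer to non ERC721Receiver implementer");
            }
        }
    }
}

// Stand-in for a pool contract without the hook: safeTransferFrom to it reverts.
contract PoolWithoutHook {}

// Stand-in for a pool contract with the hook: safeTransferFrom to it succeeds.
contract PoolWithHook is IERC721Receiver {
    function onERC721Received(address, address, uint256, bytes calldata)
        external pure override returns (bytes4)
    {
        return IERC721Receiver.onERC721Received.selector;
    }
}
```

A hook that accepts every token unconditionally also accepts unsolicited ones, so a production implementation may want to restrict which token contracts or operators it accepts.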

kamescg commented 3 years ago

https://github.com/pooltogether/pooltogether-pool-contracts/pull/new/fix/118

https://github.com/pooltogether/pooltogether-pool-contracts/pull/300