talegift
commented
2 years ago Invalid. This is not possible.
LendingPair is using a single hardcoded address for the ERC721 contract - Uniswap V3 Position Manager
https://github.com/code-423n4/2021-09-wildcredit/blob/main/contracts/LendingPair.sol#L26
We don't accept random ERC721 tokens.
ghoul-sol
Handle
pants
Vulnerability details
Reentrancy problem in withdraw for any token with callback in transfer. Thereare multiple standards that allow that and therefore allows reentrancy attacks on your contract.
https://github.com/code-423n4/2021-09-wildcredit/blob/main/contracts/LendingPair.sol line 115