Using `transferFrom` on ERC721 tokens transfer

[code423n4]

Lines of code

https://github.com/code-423n4/2022-04-backed/blob/e8015d7c4b295af131f017e646ba1b99c8f608f0/contracts/NFTLoanFacilitator.sol#L124

Vulnerability details

Impact

• In the function closeLoan of contract NFTLoanFacilitator, collateral ERC721 token is sent to sendCollateralTo, the transferFrom keyword is used instead of safeTransferFrom. If any sendCollateralTo is a contract and is not aware of incoming ERC721 tokens, the sent tokens could be locked.

Proof of Concept

• https://github.com/code-423n4/2022-04-backed/blob/e8015d7c4b295af131f017e646ba1b99c8f608f0/contracts/NFTLoanFacilitator.sol#L124

Recommended Mitigation Steps

• Consider changing transferFrom to safeTransferFrom.

[wilsoncusack]

83

[gzeoneth]

Duplicate of #83