Closed code423n4 closed 2 years ago
Out of scope
Lines of code
https://github.com/code-423n4/2022-04-jpegd/blob/main/contracts/lock/JPEGLock.sol#L39
Vulnerability details
Impact
During the code review, it has been observed that the owner can lock an NFT infinitely. We recommend handling the NFT locks with DAO roles carefully to avoid any potential hack.
Proof of Concept
https://github.com/code-423n4/2022-04-jpegd/blob/main/contracts/lock/JPEGLock.sol#L39
Tools Used
Code Review
Recommended Mitigation Steps
Consider implementing an upper bound on the NFT lock time.