Closed code423n4 closed 2 years ago
The code isn't a copypaste, it's been adapted to fit our specific use case.
Invalid
Lines of code
https://github.com/code-423n4/2022-04-jpegd/blob/e72861a9ccb707ced9015166fbded5c97c6991b6/contracts/escrow/NFTEscrow.sol#L52 https://github.com/code-423n4/2022-04-jpegd/blob/e72861a9ccb707ced9015166fbded5c97c6991b6/contracts/escrow/NFTEscrow.sol#L70
Vulnerability details
Impact
undefined behavior
Proof of Concept
NFTEscrow.sol is inspired by this contract: https://github.com/thousandetherhomepage/ketherhomepage/blob/dcb0a841db9cdfbcdf4fcfd1cc018b1612e8415e/contracts/KetherNFT.sol The configuration for the function _encodeFlashEscrow (L52) and the function _executeTransfer (L70) are misconfigured compared with the inspired code that would create undefined behavior for these functions.
Tools Used
VSC, Chrome
Recommended Mitigation Steps
change 'nftAddress' to '(address(nftAddress)' in these lines.