spaghettieth
commented
2 years ago _encodeFlashEscrowPayload in both EtherRocksHelper and CryptoPunksHelper override the virtual function _encodeFlashEscrowPayload from NFTEscrow
Closed code423n4 closed 2 years ago
spaghettieth
commented
2 years ago _encodeFlashEscrowPayload in both EtherRocksHelper and CryptoPunksHelper override the virtual function _encodeFlashEscrowPayload from NFTEscrow
Lines of code
https://github.com/code-423n4/2022-04-jpegd/blob/e72861a9ccb707ced9015166fbded5c97c6991b6/contracts/helpers/CryptoPunksHelper.sol#L99
Vulnerability details
Impact
Undefined Behavior
Proof of Concept
function _encodeFlashEscrowPayload() use the keyword override that means this function overriding a base function. I guess but I'm not sure this is the {transferPunk} function , used as the escrow's payload, from ../interfaces/ICryptoPunks.sol
But this function is not market as virtual. L5 function transferPunk(address _to, uint256 _punkIndex) external;
Therefore the function _encodeFlashEscrowPayload() can't override this function.
Same issue with function getRockInfo in .../interfaces/IEtherRocks.sol from the function _encodeFlashEscrowPayload () in EtherRocksHelper.sol
Tools Used
VCS
Recommended Mitigation Steps
I would suggest to add the keywork virtual in function transferPunk (from ../interfaces/ICryptoPunks.sol)