Open code423n4 opened 2 years ago
Technically correct but we have no intention to support these tokens. Users can use those tokens by getting a wrapped version of them that conforms to the erc721 spec.
This is a common issue when working with NFTs. Wrappers, native support, or simply not supporting these non-standard tokens are reasonable courses. Lowering to 1 (Low) and converting into a QA report for the warden.
Lines of code
https://github.com/code-423n4/2022-05-cally/blob/main/contracts/src/Cally.sol#L198-L200
Vulnerability details
Impact
While the Cally.sol contract is compatible with standard ERC20 and ERC721 tokens, it is not able to handle popular non-standard ERC721 tokens such as cryptopunks. The typical transferFrom() call will fail as a result, and these users will likely opt to use another protocol which does support options on their specific NFT.
Recommended Mitigation Steps
NFTX protocol has implemented a way to handle the transfer of both standard and non-standard ERC721 tokens. The relevant implementation can be found here. The solution provided also utilises OpenZeppelin's safeTransferFrom() function on most transfers as this ensures the function reverts on failure.
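The kind of dispatch the mitigation describes, as an added example that is not part of the original report and is not Cally or NFTX code. The contract name NftCustody and the helpers _pullNft and _pushNft are hypothetical; it assumes the CryptoPunks market address is supplied at deployment and that a punk owner has first offered the punk to this contract at price 0 with offerPunkForSaleToAddress.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

interface IERC721 {
    function safeTransferFrom(address from, address to, uint256 tokenId) external;
}

// Subset of the CryptoPunksMarket functions used below.
interface ICryptoPunks {
    function punkIndexToAddress(uint256 punkIndex) external view returns (address);
    function buyPunk(uint256 punkIndex) external payable;
    function transferPunk(address to, uint256 punkIndex) external;
}

// Hypothetical custody helper (added example).
abstract contract NftCustody {
    // Assumption: market address passed in at deployment, not hardcoded.
    address public immutable punks;

    constructor(address punks_) {
        punks = punks_;
    }

    // Pull tokenId from msg.sender into this contract.
    function _pullNft(address token, uint256 tokenId) internal {
        if (token == punks) {
            // Punks have no approve/transferFrom, so the deposit is a zero-price buy.
            // Checking the owner stops a third party depositing a punk that
            // someone else has offered to this contract.
            require(ICryptoPunks(token).punkIndexToAddress(tokenId) == msg.sender, "not punk owner");
            ICryptoPunks(token).buyPunk(tokenId);
            require(ICryptoPunks(token).punkIndexToAddress(tokenId) == address(this), "punk not received");
        } else {
            // Standard ERC721: safeTransferFrom reverts on failure.
            IERC721(token).safeTransferFrom(msg.sender, address(this), tokenId);
        }
    }

    // Send tokenId held by this contract to `to`.
    function _pushNft(address token, address to, uint256 tokenId) internal {
        if (token == punks) ICryptoPunks(token).transferPunk(to, tokenId);
        else IERC721(token).safeTransferFrom(address(this), to, tokenId);
    }

    // Needed so safeTransferFrom into this contract does not revert.
    function onERC721Received(address, address, uint256, bytes calldata) external returns (bytes4) {
        return this.onERC721Received.selector;
    }
}
```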