outdoteth
commented
2 years ago Technically correct but we have no intention to support these tokens. users can use those tokens by getting a wrapped version of them that conforms to the erc721 spec
Open code423n4 opened 2 years ago
outdoteth
commented
2 years ago Technically correct but we have no intention to support these tokens. users can use those tokens by getting a wrapped version of them that conforms to the erc721 spec
HardlyDifficult
commented
2 years ago This is a common issue when working with NFTs. Wrappers, native support, or simply not supporting these non-standard tokens are reasonable courses. Lowing to 1 (Low) and converting into a QA report for the warden.
Lines of code
https://github.com/code-423n4/2022-05-cally/blob/main/contracts/src/Cally.sol#L198-L200
Vulnerability details
Impact
While the
Cally.solcontract is compatible with standardERC20andERC721tokens, it is not able to handle popular non-standardERC721tokens such as cryptopunks. The typicaltransferFrom()call will fail as a result, and these users will likely opt to use another protocol which does support options on their specific NFT.Recommended Mitigation Steps
NFTX protocol has implemented a way to handle the transfer of both standard and non-standard
ERC721tokens. The relevant implementation can be found here. The solution provided also utilises OpenZeppelin'ssafeTransferFrom()function on most transfers as this ensures the function reverts on failure.