HardlyDifficult
commented
2 years ago Closed HardlyDifficult closed 2 years ago
HardlyDifficult
commented
2 years ago 
JeeberC4
commented
2 years ago Issue recreated with script that includes all required data.
From Kumpa in https://github.com/code-423n4/2022-05-cally-findings/issues/119
Checking whether the receiver is capable of holding ERC721 The contract usessafeTransfer() for ERC20 but uses transferFrom() for ERC721 in both exercise() and withdraw() which may lead to the loss of ERC721 if the receiving contract does not have onERC721Received(). To prevent this unintended circumstance, the contract should replace this function with safeTransferFrom() for ERC721 to check whether the receiving contract is IERC721Receiver.