0xsaruman
commented
2 years ago Open code423n4 opened 2 years ago
0xsaruman
commented
2 years ago 
dmvt
commented
2 years ago This is not a duplicate of #342. The maximum compromise here is an amount of WEI equal to the tokenId. I think this is an improbable scenario, but I'll leave it in as low risk. Downgraded to QA.
Lines of code
https://github.com/code-423n4/2022-07-golom/blob/e5efa8f9d6dda92a90b8b2c4902320acf0c26816/contracts/core/GolomTrader.sol#L236 https://github.com/code-423n4/2022-07-golom/blob/e5efa8f9d6dda92a90b8b2c4902320acf0c26816/contracts/core/GolomTrader.sol#L361 https://github.com/code-423n4/2022-07-golom/blob/e5efa8f9d6dda92a90b8b2c4902320acf0c26816/contracts/core/GolomTrader.sol#L301
Vulnerability details
Impact
There is overlap between the function signature of ERC20
transferFrom(address,address,uint256)and ERC721transferFrom(address,address,uint256). The impact of this is that it's possible for users to transfer ERC20 tokens instead of ERC721.This poses a threat as signers may have approved WETH to transfer funds. The threat occurs if
o.collectionis then set as WETH address. An unwitting user could accidently transfer WETH instead of an NFT to a user.The impact is rated as Medium rather than High as although there is loss of funds the user would have to either sign or accept an Order which has a ERC20 address as the
collectionfield.Proof of Concept
fillAsk()fillBid()fillCriteriaBid()Recommended Mitigation Steps
Consider using
ERC721.safeTransferFrom()instead ofERC721.transferFrom(). This will change the function signature and therefore prevent overlap between ERC20 and ERC721 transfer functions.