code-423n4 / 2023-04-caviar-findings


ETHRouter Can Lock NFTs Sent to the Contract #37

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-04-caviar/blob/main/src/EthRouter.sol#L45

Vulnerability details

Impact

The EthRouter contract inherits ERC721TokenReceiver and can accept NFTs sent by users. However, if a user accidentally sends an NFT to the contract, or an NFT is airdropped to the contract, the administrator cannot rescue the NFT from the contract.

```solidity
contract EthRouter is ERC721TokenReceiver {
    ......
    ......
}
```

Proof of Concept

Send an NFT directly to the contract.

Tools Used

vscode

Recommended Mitigation Steps

Add a function similar to PrivatePool::withdraw to rescue NFTs sent to the contract.
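As an added illustration (not code from this report, from the Caviar repository, or from the code4rena judges), the sketch below shows why an `ERC721TokenReceiver` contract silently accepts `safeTransferFrom` calls, and what an owner-gated rescue function of the kind the mitigation suggests can look like. The contract name `RouterWithRescue`, the function `rescueNfts`, the event `NftRescued` and the `owner` field are assumptions; the real signature of `PrivatePool::withdraw` is not shown on this page, so the rescue function here is a generic one rather than a copy of it. The receiver base is written out inline in the same shape as solmate's `ERC721TokenReceiver` so the file compiles without imports.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal ERC-721 surface needed for the rescue path (assumption: a
// production contract would import the real interface instead).
interface IERC721 {
    function safeTransferFrom(address from, address to, uint256 id) external;
}

// Same shape as solmate's ERC721TokenReceiver: returning the selector is
// what makes safeTransferFrom to this contract succeed.
abstract contract ERC721TokenReceiver {
    function onERC721Received(address, address, uint256, bytes calldata)
        external
        virtual
        returns (bytes4)
    {
        return ERC721TokenReceiver.onERC721Received.selector;
    }
}

/// @notice Hypothetical router sketch (not Caviar's EthRouter).
/// Because it inherits ERC721TokenReceiver, any NFT sent here via
/// safeTransferFrom is accepted; without rescueNfts it would be stuck.
contract RouterWithRescue is ERC721TokenReceiver {
    address public immutable owner;

    event NftRescued(address indexed nft, uint256 indexed id, address indexed to);

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    /// @notice Return NFTs that were sent to the router directly or airdropped.
    /// @dev Owner-only so the rescue path cannot be used by arbitrary callers;
    ///      the router is not meant to hold NFTs between transactions.
    function rescueNfts(address nft, uint256[] calldata ids, address to) external onlyOwner {
        require(to != address(0), "zero recipient");
        for (uint256 i = 0; i < ids.length; i++) {
            IERC721(nft).safeTransferFrom(address(this), to, ids[i]);
            emit NftRescued(nft, ids[i], to);
        }
    }
}
```

The event is included so that any rescue is visible on-chain and can be monitored alongside the router's normal activity; a rescue function without an access check would turn the "stuck NFT" issue into an outright theft path, which is why the `onlyOwner` gate is the essential part of the mitigation rather than an optional extra.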

c4-pre-sort commented 1 year ago

0xSorryNotSorry marked the issue as low quality report

GalloDaSballo commented 1 year ago

L

c4-judge commented 1 year ago

GalloDaSballo changed the severity to QA (Quality Assurance)

c4-judge commented 1 year ago

GalloDaSballo marked the issue as grade-c