code-423n4 / 2023-04-caviar-findings


Upgraded Q -> 3 from #284 [1683017290576] #976

Closed c4-judge closed 1 year ago

c4-judge commented 1 year ago

Judge has assessed an item in Issue #284 as 3 risk. The relevant finding follows:

NFT tokens sent to the EthRouter contract by mistake can be drained by pool contracts. When someone calls sell, deposit or change functions on EthRouter contract, the contract gives the particular pool full approval (with setApprovalForAll) for tokens from that particular nft. This approval is not revoked later. If someone sends a token from the approved nft, the pool owner can use the execute function to withdraw this token from EthRouter to his own pool.
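
The lingering approval described in the finding above, next to a scoped alternative, as an added example that is not part of the original issue or the Caviar code base. `RouterSketch`, `IPool.deposit` and both function names are hypothetical, and revoking the approval after the pool call is one possible mitigation assumed here, not the project's confirmed fix.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal subset of the ERC-721 interface used below.
interface IERC721 {
    function setApprovalForAll(address operator, bool approved) external;
    function isApprovedForAll(address owner, address operator) external view returns (bool);
    function transferFrom(address from, address to, uint256 tokenId) external;
}

// Hypothetical pool interface: pulls the listed tokens from msg.sender.
interface IPool {
    function deposit(uint256[] calldata tokenIds) external;
}

// Hypothetical router, reduced to the approval handling the finding is about.
contract RouterSketch {
    // Pattern from the finding: operator approval is granted and never revoked.
    function depositLeavingApproval(IERC721 nft, IPool pool, uint256[] calldata ids) external {
        _pull(nft, ids);
        nft.setApprovalForAll(address(pool), true);
        pool.deposit(ids);
        // After this call the pool is still an operator for every token of
        // `nft` that the router holds now or receives later.
    }

    // Scoped alternative: the approval exists only for the duration of the pool call.
    function depositScopedApproval(IERC721 nft, IPool pool, uint256[] calldata ids) external {
        _pull(nft, ids);
        nft.setApprovalForAll(address(pool), true);
        pool.deposit(ids);
        nft.setApprovalForAll(address(pool), false);
        // Fail the whole transaction if the approval somehow survived.
        require(!nft.isApprovedForAll(address(this), address(pool)), "approval not revoked");
    }

    // Move the caller's tokens into the router before handing them to the pool.
    function _pull(IERC721 nft, uint256[] calldata ids) private {
        for (uint256 i = 0; i < ids.length; i++) {
            nft.transferFrom(msg.sender, address(this), ids[i]);
        }
    }
}
```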

c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #184

c4-judge commented 1 year ago

GalloDaSballo marked the issue as satisfactory