code-423n4 / 2023-05-particle-findings

QA Report #11

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

See the markdown file with the details of this report here.

hansfriese commented 1 year ago

L-2: I think it might make sense to allow lenders to stop the concluded auction. A lender might want to re-initiate the auction in the hope of getting the NFT back rather than ETH.

NC-2: Invalid


L3 NC1

wukong-particle commented 1 year ago

L1: Similar to buyNFTFromMarket, if lender chooses not to withdraw ETH from concluded auction, borrower can still close position with NFT.

L2: Judge is correct.

L3: invalid, onERC721Received is designed for EOA so they don't need to call "setApprovalForAll". Our backend can handle this level of spam and won't show to UI/UX for irrelevant NFTs.

L4: Acknowledged, similar to L1 in https://github.com/code-423n4/2023-05-particle-findings/issues/28.

NC1: Acknowledged, will update, similar to 14 in https://github.com/code-423n4/2023-05-particle-findings/issues/48.

NC2: Acknowledged, will update, similar to 11 in https://github.com/code-423n4/2023-05-particle-findings/issues/48.

c4-sponsor commented 1 year ago

wukong-particle marked the issue as sponsor acknowledged

c4-judge commented 1 year ago

hansfriese marked the issue as grade-b

hansfriese commented 1 year ago

L1~3: Invalid


L 1 N 2

wukong-particle commented 1 year ago

L4 fixed with https://github.com/Particle-Platforms/particle-exchange-protocol/pull/4

NC1 fixed with https://github.com/Particle-Platforms/particle-exchange-protocol/pull/16

NC2 fixed with https://github.com/Particle-Platforms/particle-exchange-protocol/pull/11 and https://github.com/Particle-Platforms/particle-exchange-protocol/pull/15