code-423n4 / 2023-09-delegate-findings


Use `safeTransferFrom()` instead of `transferFrom()` for outgoing ERC721 transfers #297

Closed c4-submissions closed 1 year ago

c4-submissions commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-09-delegate/blob/main/src/DelegateToken.sol#L369

Vulnerability details

Impact

It is recommended to use safeTransferFrom() instead of transferFrom() when transferring ERC721s out of the vault. There is the potential loss of NFTs should the recipient be unable to handle the sent ERC721s.

Proof of Concept

It helps ensure that the recipient is indeed capable of handling ERC721s.

Tools Used

None

Recommended Mitigation Steps

Use safeTransferFrom() whenever possible.

Assessed type

Token-Transfer

c4-judge commented 1 year ago

GalloDaSballo changed the severity to QA (Quality Assurance)

GalloDaSballo commented 1 year ago

2L

c4-judge commented 1 year ago

GalloDaSballo marked the issue as grade-c