code-423n4 / 2023-10-badger-findings

Use of transferFrom() rather than safeTransferFrom() for NFTs in will lead to the loss of NFTs #327

Closed c4-submissions closed 9 months ago

c4-submissions commented 9 months ago

Lines of code

https://github.com/code-423n4/2023-10-badger/blob/main/packages/contracts/contracts/ActivePool.sol#L283

https://github.com/code-423n4/2023-10-badger/blob/main/packages/contracts/contracts/BorrowerOperations.sol#L785

Vulnerability details

Impact

Proof of Concept

file: /contracts/contracts/ActivePool.sol

283        collateral.transferFrom(address(receiver), address(this), amountWithFee);

https://github.com/code-423n4/2023-10-badger/blob/main/packages/contracts/contracts/ActivePool.sol#L283

Assessed type

ETH-Transfer

bytes032 commented 9 months ago

Invalid

c4-pre-sort commented 9 months ago

bytes032 marked the issue as insufficient quality report

bytes032 commented 9 months ago

collateral is ERC20

c4-pre-sort commented 9 months ago

bytes032 marked the issue as duplicate of #266

c4-judge commented 9 months ago

jhsagd76 marked the issue as unsatisfactory: Invalid