search

code-423n4 / 2023-11-panoptic-findings

0 stars 0 forks source link

Position token may be lost if mintTokenizedPosition is executed in constructor of a contract #627

Closed c4-bot-4 closed 11 months ago

c4-bot-4 commented 11 months ago

Lines of code

https://github.com/code-423n4/2023-11-panoptic/blob/aa86461c9d6e60ef75ed5a1fe36a748b952c8666/contracts/tokens/ERC1155Minimal.sol#L222-L229

Vulnerability details

If an contract is used to create a position calling mintTokenizedPosition in its contructor, then the ERC1155 token may be lost. This is because of use of below method in _mint 

    if (to.code.length != 0) {
        if (
            ERC1155Holder(to).onERC1155Received(msg.sender, address(0), id, amount, "") !=
            ERC1155Holder.onERC1155Received.selector
        ) {
            revert UnsafeRecipient();
        }
    }

Impact

loss of token minted from ERC1155

Recommended Mitigation Steps

Use assembly to check the to address is a contract or not

Assessed type

Token-Transfer

c4-judge commented 11 months ago

Picodes marked the issue as unsatisfactory: Overinflated severity