code-423n4 / 2024-02-renft-mitigation-findings


M-12 MitigationConfirmed #64

Open c4-bot-10 opened 7 months ago

c4-bot-10 commented 7 months ago

Lines of code

Vulnerability details

Vulnerability

The original vulnerability involved the potential for stopRent() to revert due to paused ERC721 or ERC1155 tokens.

Mitigation

A token whitelist for rentals and payments has been introduced. As per the mitigation documentation, no pausable ERC721 or ERC1155 tokens will be whitelisted. This approach ensures that only non-pausable tokens are considered for rental transactions, effectively addressing the original issue by avoiding the problematic scenario altogether.

Suggestion

While the whitelist approach is effective, it requires ongoing monitoring to ensure that all tokens on the list remain safe to interact with. Some tokens may be deployed behind a proxy and could be upgraded with additional problematic functionality.

It is also worth noting that 2 out of the 3 assets intended to be whitelisted as payment tokens, USDC and USDT, are pausable. While this may not be considered a Medium severity vulnerability according to Code4rena guidelines, it will also have the effect of preventing rentals from being stopped if they are used as payment tokens.

Conclusion

The introduction of a token whitelist effectively mitigates the original vulnerability as long as no pausable tokens are whitelisted.
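The failure mode and the whitelist mitigation described in this submission, as an added Solidity sketch that is not reNFT's code and not part of the original issue. `PausableNFT` is a constructed stand-in for any token with an admin pause; `RentalSketch`, its whitelist mappings and its `rent()`/`stopRent()` functions are names chosen for this example and do not mirror the audited contracts' API. The point it shows is that `stopRent()` must complete two external token transfers, so a pause on either the rental asset or the payment token makes the whole settlement revert, and the whitelist is the only thing keeping such tokens out:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal token interfaces; only the functions the sketch uses.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
}

interface IERC721Like {
    function safeTransferFrom(address from, address to, uint256 tokenId) external;
}

/// Hypothetical pausable ERC721 (constructed for this example). While `paused`
/// is true every transfer reverts, which is the behaviour that breaks
/// settlement in the rental sketch below.
contract PausableNFT is IERC721Like {
    address public immutable admin = msg.sender;
    bool public paused;
    mapping(uint256 => address) public ownerOf;
    mapping(address => mapping(address => bool)) public isApprovedForAll;

    modifier onlyAdmin() { require(msg.sender == admin, "not admin"); _; }

    function setPaused(bool p) external onlyAdmin { paused = p; }
    function mint(address to, uint256 id) external onlyAdmin { ownerOf[id] = to; }
    function setApprovalForAll(address op, bool ok) external { isApprovedForAll[msg.sender][op] = ok; }

    function safeTransferFrom(address from, address to, uint256 id) external override {
        require(!paused, "Pausable: paused");   // the revert that blocks stopRent()
        require(ownerOf[id] == from, "wrong owner");
        require(msg.sender == from || isApprovedForAll[from][msg.sender], "not authorised");
        ownerOf[id] = to;
    }
}

/// Rental sketch carrying the mitigation: admin-curated whitelists gate which
/// tokens may enter a rental at all. All names here are example names.
contract RentalSketch {
    address public immutable admin = msg.sender;
    mapping(address => bool) public rentalTokenWhitelist;
    mapping(address => bool) public paymentTokenWhitelist;

    struct Rental {
        address lender; address renter; address nft; uint256 tokenId;
        address payToken; uint256 amount; bool active;
    }
    mapping(uint256 => Rental) public rentals;
    uint256 public nextId;

    modifier onlyAdmin() { require(msg.sender == admin, "not admin"); _; }

    /// Mitigation: only vetted, non-pausable tokens are listed. This is an
    /// ongoing duty: a proxied token can gain a pause after being listed, and a
    /// pausable stablecoin on the payment list reintroduces the same revert
    /// through `transfer()` in stopRent().
    function setRentalToken(address token, bool allowed) external onlyAdmin { rentalTokenWhitelist[token] = allowed; }
    function setPaymentToken(address token, bool allowed) external onlyAdmin { paymentTokenWhitelist[token] = allowed; }

    /// Called by the renter. The lender must have approved this contract on the
    /// NFT and the renter must have approved `amount` of `payToken` beforehand.
    function rent(address lender, address nft, uint256 tokenId, address payToken, uint256 amount)
        external returns (uint256 id)
    {
        require(rentalTokenWhitelist[nft], "rental token not whitelisted");
        require(paymentTokenWhitelist[payToken], "payment token not whitelisted");
        IERC721Like(nft).safeTransferFrom(lender, address(this), tokenId);
        require(IERC20(payToken).transferFrom(msg.sender, address(this), amount), "payment failed");
        id = nextId++;
        rentals[id] = Rental(lender, msg.sender, nft, tokenId, payToken, amount, true);
    }

    /// Settlement. Both external calls must succeed in one transaction: if the
    /// NFT or the payment token is paused, the call reverts and the rental can
    /// never be stopped, which is the original finding.
    function stopRent(uint256 id) external {
        Rental storage r = rentals[id];
        require(r.active, "not active");
        require(msg.sender == r.lender || msg.sender == r.renter, "not a party");
        r.active = false;   // state update first; a revert below rolls it back
        IERC721Like(r.nft).safeTransferFrom(address(this), r.lender, r.tokenId);
        require(IERC20(r.payToken).transfer(r.lender, r.amount), "payout failed");
    }
}
```

To see the finding in a test harness, deploy both contracts, whitelist `PausableNFT`, open a rental, call `setPaused(true)` on the NFT and then `stopRent()`: the call reverts with "Pausable: paused" and the lender's asset stays escrowed until the pause is lifted. The same happens if the payment token's `transfer()` is paused, which is why the submission flags USDC and USDT on the payment list.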

c4-judge commented 7 months ago

gzeon-c4 marked the issue as satisfactory

c4-judge commented 7 months ago

gzeon-c4 marked the issue as confirmed for report