Closed c4-bot-9 closed 2 months ago
Provisionally marking satisfactory for sponsor review
3docSec marked the issue as satisfactory
3docSec marked the issue as selected for report
This does not affect transferring the NFT to the recipient.
Marking as insufficient proof:

> the user might rely on compliance with this safety check on the instructions.recipient

The user is assumed to enter correct instructions.
As a side note, even though this particular instance at L392 was not reported, this finding has been reported by the 4naly3er report.
3docSec marked the issue as unsatisfactory: Insufficient proof
Lines of code
https://github.com/code-423n4/2024-06-krystal-defi/blob/f65b381b258290653fa638019a5a134c4ef90ba8/src/Common.sol#L392
Vulnerability details
Impact
Unsafe transfer of ERC721 tokens in `_swapAndMint()`.
Proof of Concept
`_swapAndMint()` claims to be using `safeTransferFrom`, but then only uses `transferFrom`. This is an issue especially in `V3Utils`, where the user might rely on compliance with this safety check on the `instructions.recipient`, as `_swapAndMint()` is called during `V3Utils.execute()` in `V3Utils.onERC721Received()`.
Recommended Mitigation Steps
Use `safeTransferFrom()` on Common.sol#L392.
Assessed type
ERC721
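The behaviour the finding describes, as an added Solidity example that is not part of the Krystal code base: it assumes OpenZeppelin's `ERC721` and `IERC721Receiver` are available, and the `DemoNFT`, `NonReceiver`, `Forwarder` and `Demo` contracts are constructed stand-ins for the position NFT, a recipient that cannot handle ERC721 tokens, and the two transfer paths. `transferFrom` delivers the token to a contract that can never move it again, while `safeTransferFrom` reverts because the receiver hook is missing.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not Krystal's code. Assumes OpenZeppelin contracts are installed.
import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";

/// Minimal NFT standing in for the Uniswap V3 position NFT (constructed for this example).
contract DemoNFT is ERC721 {
    constructor() ERC721("Demo", "DEMO") {}
    function mint(address to, uint256 id) external { _mint(to, id); }
}

/// A recipient contract that does NOT implement IERC721Receiver.
/// Any NFT delivered here with transferFrom is permanently stuck.
contract NonReceiver {}

/// Models the two ways a minted position could be handed to `instructions.recipient`.
contract Forwarder {
    DemoNFT public immutable nft;
    constructor(DemoNFT _nft) { nft = _nft; }

    // The pattern the finding reports: no check that `recipient` can handle ERC721 tokens.
    function unsafeForward(address recipient, uint256 id) external {
        nft.transferFrom(address(this), recipient, id);    // succeeds even for NonReceiver
    }

    // The recommended mitigation: safeTransferFrom calls onERC721Received on contract
    // recipients and reverts if the hook is missing or returns the wrong selector.
    function safeForward(address recipient, uint256 id) external {
        nft.safeTransferFrom(address(this), recipient, id); // reverts for NonReceiver
    }
}

/// Drives both paths so the difference is observable, e.g. from a Foundry test.
contract Demo {
    function run() external returns (bool unsafeSucceeded, bool safeReverted) {
        DemoNFT nft = new DemoNFT();
        Forwarder fwd = new Forwarder(nft);
        NonReceiver sink = new NonReceiver();
        nft.mint(address(fwd), 1);
        nft.mint(address(fwd), 2);

        fwd.unsafeForward(address(sink), 1);
        unsafeSucceeded = nft.ownerOf(1) == address(sink); // true: token 1 is now stuck

        try fwd.safeForward(address(sink), 2) {
            safeReverted = false;
        } catch {
            safeReverted = true;                            // true: bad recipient rejected
        }
    }
}
```

Calling `Demo.run()` returns `(true, true)`: the unchecked transfer lands the token in a contract with no way to move it, and the checked transfer refuses the same recipient.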