Open c4-bot-6 opened 1 month ago
MarioPoneder marked the issue as primary issue
MarioPoneder marked the issue as satisfactory
MarioPoneder marked the issue as selected for report
points out other instances
Lines of code
https://github.com/code-423n4/2024-07-benddao/blob/117ef61967d4b318fc65170061c9577e674fffa1/src/libraries/logic/VaultLogic.sol#L627
Vulnerability details
When isolateLiquidate(supplyAsCollateral=false) is executed, erc721DecreaseIsolateSupplyOnLiquidate() is finally executed and the NFT is transferred to the user.

We know from the above code that this method does not clear tokenData.lockerAddr.

So tokenData is now:

    erc721TokenData[NFT_1].owner = 0
    erc721TokenData[NFT_1].supplyMode = 0
    erc721TokenData[NFT_1].lockerAddr = address(poolManager)

User alice now has NFT_1. If alice then executes BVault.depositERC721(NFT_1, supplyMode = SUPPLY_MODE_CROSS), it will succeed, because deposit() does not check lockerAddr.

So tokenData becomes:

    erc721TokenData[NFT_1].owner = alice
    erc721TokenData[NFT_1].supplyMode = SUPPLY_MODE_CROSS
    erc721TokenData[NFT_1].lockerAddr = address(poolManager) -> not changed

After that, the user's NFT_1 will be locked, because withdrawERC721() -> validateWithdrawERC721() checks that lockerAddr must be address(0).

Other Isolate methods cannot be operated either.

Note: erc721DecreaseIsolateSupply() is similar.
Impact
Unable to retrieve NFT
Recommended Mitigation
Assessed type
Context
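The state sequence reported above, replayed in a simplified Solidity model. This is an added example, not BendDAO's code: the contract name, the isolateBorrow() step that sets the locker, the clearLockerOnLiquidate switch and replay() are assumptions made for illustration, and no real NFT transfers are modelled.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical model: tracks only the three tokenData fields the report follows.
contract StaleLockerModel {
    uint8 constant SUPPLY_MODE_CROSS = 1;   // constructed values
    uint8 constant SUPPLY_MODE_ISOLATE = 2;
    struct TokenData { address owner; uint8 supplyMode; address lockerAddr; }
    mapping(uint256 => TokenData) public erc721TokenData;
    // Assumed switch: false reproduces the reported behaviour, true clears the locker.
    bool public immutable clearLockerOnLiquidate;

    constructor(bool clearLocker) { clearLockerOnLiquidate = clearLocker; }

    function depositERC721(uint256 id, uint8 mode) external {
        TokenData storage t = erc721TokenData[id];
        require(t.owner == address(0), "already supplied");
        // As reported: lockerAddr is neither checked nor reset on deposit.
        (t.owner, t.supplyMode) = (msg.sender, mode);
    }

    // Assumed step: an isolate borrow locks the token; address(this) stands in for poolManager.
    function isolateBorrow(uint256 id) external {
        TokenData storage t = erc721TokenData[id];
        require(t.owner == msg.sender && t.supplyMode == SUPPLY_MODE_ISOLATE, "not isolate owner");
        t.lockerAddr = address(this);
    }

    // Models isolateLiquidate(supplyAsCollateral=false): owner and supplyMode are zeroed.
    function isolateLiquidate(uint256 id) external {
        TokenData storage t = erc721TokenData[id];
        require(t.lockerAddr == address(this), "not locked");
        (t.owner, t.supplyMode) = (address(0), 0);
        if (clearLockerOnLiquidate) t.lockerAddr = address(0);
    }

    function withdrawERC721(uint256 id) external {
        TokenData storage t = erc721TokenData[id];
        require(t.owner == msg.sender, "not owner");
        require(t.lockerAddr == address(0), "token locked"); // the check that traps the NFT
        delete erc721TokenData[id];
    }

    // Replays the report's sequence via self-calls, so this contract plays the user.
    function replay(uint256 id) external returns (bool stuck) {
        this.depositERC721(id, SUPPLY_MODE_ISOLATE);
        this.isolateBorrow(id);
        this.isolateLiquidate(id);
        this.depositERC721(id, SUPPLY_MODE_CROSS); // succeeds despite the stale locker
        try this.withdrawERC721(id) { return false; } catch { return true; }
    }
}
```

Deployed with clearLocker = false, replay() returns true (the withdrawal reverts with "token locked"); deployed with true, it returns false.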