Description:
The onAttach function in the CompoundVeFNXManagedNFTStrategyUpgradeable contract does not check whether the tokenId_ is already attached before calling the deposit function of the ISingelTokenVirtualRewarder contract. This can lead to overwriting balances, which may cause inconsistencies and potential loss of data.
Attack Scenario
Describe how the vulnerability can be exploited.
Attachments
Proof of Concept (PoC) File
The onAttach function in CompoundVeFNXManagedNFTStrategyUpgradeable.sol:
```solidity
function onAttach(uint256 tokenId_, uint256 userBalance_) external override onlyManagedNFTManager {
    ISingelTokenVirtualRewarder(virtualRewarder).deposit(tokenId_, userBalance_); //@audit-can only be called by strategy
    emit OnAttach(tokenId_, userBalance_);
}
```
The deposit function in SingelTokenVirtualRewarderUpgradeable.sol:
Lack of Check for Existing Attachment: The onAttach function does not verify if the tokenId is already attached. This can lead to multiple attachments of the same tokenId, causing the balance to be overwritten or incorrectly updated.
Revised Code File (Optional)
To ensure that the onAttach function in CompoundVeFNXManagedNFTStrategyUpgradeable properly checks if an NFT is already attached, you can use the isAttachedNFT function from the ManagedNFTManagerUpgradeable contract.
Github username: --
Twitter username: --
Submission hash (on-chain): 0xf930dbedc147a59e386491d0682b02251ec09c5e3d58a29e8d28531010fe5fbc
Severity: medium
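A sketch of the guard the report recommends, added here as an illustration; it is not code from the submission or from the project. The `isAttachedNFT(uint256)` signature, the `managedNFTManager` and `virtualRewarder` storage fields, the contract name and the custom errors are assumptions. The check is only meaningful if the manager marks a token as attached after `onAttach` returns; if it sets the flag first, every attach would revert.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Interfaces reduced to the calls used in this sketch.
interface ISingelTokenVirtualRewarder {
    function deposit(uint256 tokenId_, uint256 amount_) external;
}

interface IManagedNFTManager {
    // Assumed signature for the isAttachedNFT function named in the report.
    function isAttachedNFT(uint256 tokenId_) external view returns (bool);
}

// Hypothetical stand-in for the strategy contract; not the project's code.
contract GuardedStrategySketch {
    error AccessDenied();
    error AlreadyAttached(uint256 tokenId);

    event OnAttach(uint256 indexed tokenId, uint256 userBalance);

    address public immutable managedNFTManager; // assumed field name
    address public immutable virtualRewarder;   // assumed field name

    constructor(address managedNFTManager_, address virtualRewarder_) {
        managedNFTManager = managedNFTManager_;
        virtualRewarder = virtualRewarder_;
    }

    modifier onlyManagedNFTManager() {
        if (msg.sender != managedNFTManager) revert AccessDenied();
        _;
    }

    function onAttach(uint256 tokenId_, uint256 userBalance_) external onlyManagedNFTManager {
        // Reject a repeated attach before any rewarder state is touched,
        // so an existing balance entry for tokenId_ cannot be replaced.
        if (IManagedNFTManager(managedNFTManager).isAttachedNFT(tokenId_)) {
            revert AlreadyAttached(tokenId_);
        }
        ISingelTokenVirtualRewarder(virtualRewarder).deposit(tokenId_, userBalance_);
        emit OnAttach(tokenId_, userBalance_);
    }
}
```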