The function onDettachFromManagedNFT has a check that verifies one of the parameters of a token, but the check is implemented via the function assert
Attack Scenario
Whenever a user calls onDettachFromManagedNFT there are two checks that verify the token is attached to a managed NFT:
if (!tokenInfo.isAttached) {
revert NotAttached();
}
assert(tokenInfo.attachedManagedTokenId != 0);
However, if the attachedManagedTokenId has value of 0, the user's NFT will never be dettached from the managed NFT. In addition to that, the assert function should only be used for internal testing, as it would cause a Panic error, as per the Solidity docs:
Assert should only be used to test for internal errors and to check invariants. Properly functioning code should never create a Panic, not even on invalid external input.
Recommendations
Consider implementing the following changes by using one of the existent functions from the contract:
Github username: @Vancelott Twitter username: vancelotx Submission hash (on-chain): 0x641247bab6c35cec178bc216a4bf8ce5036dd9e975f502df251634194d4525f7 Severity: low
Description: Description
The function onDettachFromManagedNFT has a check that verifies one of the parameters of a token, but the check is implemented via the function assert
Attack Scenario
Whenever a user calls onDettachFromManagedNFT there are two checks that verify the token is attached to a managed NFT:
However, if the
attachedManagedTokenIdhas value of 0, the user's NFT will never be dettached from themanaged NFT. In addition to that, the assert function should only be used for internal testing, as it would cause aPanicerror, as per the Solidity docs:Recommendations
Consider implementing the following changes by using one of the existent functions from the contract: