Open hats-bug-reporter[bot] opened 4 months ago
Thank you for the submission.
This issue is related to the code and features of inherited contracts from Thena & Chronos, which makes this OOS submission
NFTs can be lost then it can be classified as a "loss of funds"
Such a case is only possible due to the negligence of users. Due to the lack of criticality and inheritance from Thena/Chronos, OOS remains
Github username: @Rotcivegaf Twitter username: rotcivegaf Submission hash (on-chain): 0x51626ae62b2b7b8e0c29e25debe0d7fa1492cdf4f517ce9d6b408a0070016b47 Severity: medium
Description: Lines:
Description:
When the
VotingEscrowUpgradeable
contract mint an NFT don't do theonERC721Received
checkIf a user of the escrow system uses a contract that reject NFT for any reason, no checks are done, and the NFT can be locked forever.
Attack Scenario:
VotingEscrowUpgradeable
mint an NFT to this contractRecommended Mitigation Steps:
Implement the
_checkOnERC721Received
in the_mint
function