seen-haus / seen-contracts

Seen Haus contract suite
GNU General Public License v3.0

AEF-01M: Potentially Incorrect Physical Ticket Workflow #9

Closed JayWelsh closed 2 years ago

JayWelsh commented 2 years ago

AEF-01M: Potentially Incorrect Physical Ticket Workflow

| Type | Severity | Location |
| --- | --- | --- |
| Logical Fault | Minor | AuctionEnderFacet.sol:L100 |

Description:

The closeAuction system for physical items issues a ticket to the buyer that can then be immediately redeemed for the NFT, as the ItemsTicketer contract does not apply any access control on the claim function.

Example:

// Determine if consignment is physical
address nft = getMarketController().getNft();
if (nft == consignment.tokenAddress && ISeenHausNFT(nft).isPhysical(consignment.tokenId)) {

    // For physicals, issue an escrow ticket to the buyer
    address escrowTicketer = getMarketController().getEscrowTicketer(_consignmentId);
    IEscrowTicketer(escrowTicketer).issueTicket(_consignmentId, 1, auction.buyer);

} else {

Recommendation:

We advise the ticket to either be claimable only by validation of the escrow agent (to ensure the user has received the physical item) or the workflow to be adjusted instead, as it currently does not appear to guarantee proper acquisition of the physical portion of the NFT.

JayWelsh commented 2 years ago

In terms of this flow, the idea was that the physical items will only be shipped once the user runs a claim for it (the claim is more about running a shipping request against the ticket than about ensuring that the physical item is finished being delivered), i.e. it is correct for the user to receive the NFT upon running a claim (i.e. it's more of a shipping claim than a physical claim).
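A sketch of the alternative the finding recommends, in which the shipping request described in the reply and the release of the NFT are separate steps, with an escrow agent's confirmation in between. This is an added example, not code from seen-contracts: the contract, its roles, the state names, the non-transferable ticket record and the ERC-1155 custody model are all assumptions.

```solidity
// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.8.0;

interface IERC1155Min {
    function safeTransferFrom(address from, address to, uint256 id, uint256 amount, bytes calldata data) external;
}

// Hypothetical sketch; every name below is an assumption, not the seen-contracts API.
contract GatedEscrowTicketer {
    enum State { None, Issued, Requested, Delivered, Claimed }
    struct Ticket { address holder; uint256 tokenId; State state; }
    address public immutable market;      // assumed: sole issuer of tickets
    address public immutable escrowAgent; // assumed: attests physical delivery
    IERC1155Min public immutable nft;     // assumed: token held by this contract
    mapping(uint256 => Ticket) public tickets;
    event ShippingRequested(uint256 indexed ticketId, address indexed holder);

    constructor(address _market, address _agent, IERC1155Min _nft) {
        market = _market; escrowAgent = _agent; nft = _nft;
    }

    function issueTicket(uint256 ticketId, uint256 tokenId, address buyer) external {
        require(msg.sender == market, "only market");
        require(tickets[ticketId].state == State.None, "ticket exists");
        tickets[ticketId] = Ticket(buyer, tokenId, State.Issued);
    }

    // Step 1: holder asks for shipment; no NFT moves yet.
    function requestShipping(uint256 ticketId) external {
        Ticket storage t = tickets[ticketId];
        require(msg.sender == t.holder && t.state == State.Issued, "not issued to caller");
        t.state = State.Requested;
        emit ShippingRequested(ticketId, msg.sender);
    }

    // Step 2: only the escrow agent can attest that the item arrived.
    function confirmDelivery(uint256 ticketId) external {
        require(msg.sender == escrowAgent, "only escrow agent");
        require(tickets[ticketId].state == State.Requested, "shipping not requested");
        tickets[ticketId].state = State.Delivered;
    }

    // Step 3: the NFT is released only after the agent's confirmation.
    function claim(uint256 ticketId) external {
        Ticket storage t = tickets[ticketId];
        require(msg.sender == t.holder && t.state == State.Delivered, "delivery not confirmed");
        t.state = State.Claimed; // update state before the external call
        nft.safeTransferFrom(address(this), t.holder, t.tokenId, 1, "");
    }
}
```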