A Bear can give a worst nft in the collection that is near 0 with out an agreement on it and cause the bull to get a bad deal
Summary
A bear can give a bad nft from the collection and get its money back but since there is no agreement on the nft in the collection just the collection the bull can get cheated on.
Vulnerability Detail
Alice(bear attacker)
bob(bull victim)
They agree on an order for a collection that has a greater price but Alice transfers nft(which tokenId 1=0.1 ether)
while the whole collection is above 1 ether which is cheating out the bull from a better nft which won't sell as well.
steps:
Alice gives the bad nft to the contract and they get their funds back
The bull gets the bad nft for a loss that is not excepted
Impact
bear cheating on the bull
Code Snippet
try
IERC721(order.collection).safeTransferFrom(bear, bull, tokenId)
{} catch (bytes memory) {
// Transfer NFT to BvbProtocol
IERC721(order.collection).safeTransferFrom(
bear,
address(this),
tokenId
);
// Store that the bull has to retrieve it
withdrawableCollectionTokenId[order.collection][tokenId] = bull;
}
simon135
high
A Bear can give a worst nft in the collection that is near 0 with out an agreement on it and cause the bull to get a bad deal
Summary
A bear can give a bad nft from the collection and get its money back but since there is no agreement on the nft in the collection just the collection the bull can get cheated on.
Vulnerability Detail
Alice(bear attacker) bob(bull victim) They agree on an order for a collection that has a greater price but Alice transfers nft(which tokenId 1=0.1 ether) while the whole collection is above 1 ether which is cheating out the bull from a better nft which won't sell as well. steps: Alice gives the bad nft to the contract and they get their funds back The bull gets the bad nft for a loss that is not excepted
Impact
bear cheating on the bull
Code Snippet
https://github.com/sherlock-audit/2022-11-bullvbear/blob/main/bvb-protocol/src/BvbProtocol.sol#L394
Tool used
Manual Review
Recommendation
i recommend to make sure the entities of the order agree on specific tokenId or make this a know risk in the frontend
Duplicate of #81