search

sherlock-audit / 2023-01-ajna-judging

1 stars 0 forks source link

Chinmay - Buypunk function of Cryptopunks in ERC721Pool is used incorrectly #163

Open github-actions[bot] opened 1 year ago

github-actions[bot] commented 1 year ago

Chinmay

medium

Buypunk function of Cryptopunks in ERC721Pool is used incorrectly

Summary

The buyPunk function here seems to be for transferring NFT from sender to pool, but the original contract has a payable function that uses msg.value checks

Vulnerability Detail

This seems to be a weird implementation for transferring the NFT. Furthermore, the function is payable but the interface by AJNA doesn't mark it as payable.

This function checks for the msg.value in the original Cryptopunks contract. Calling it from the ERC721Pool will always revert because the msg.value is not being sent with the call at L#577. Thus, a cryptopunk NFT will never be able to be used as the collateral in this NFT pool.

Impact

Code Snippet

https://github.com/sherlock-audit/2023-01-ajna/blob/main/contracts/src/ERC721Pool.sol#L577

Tool used

Manual Review

Recommendation

Update the interface with the payable keyword and send msg.value along with the buyPunk call so that it passes checks at the target contract

grandizzy commented 1 year ago

we're not going to support non standard NFT anymore, just wrapped versions