Paused NFT collections will cause users to lose taxRefunds
Summary
Paused NFT collections will cause users to lose taxRefunds
Vulnerability Detail
Many NFTs like pudgyPenguins/ lilPudgys have a paused functionality. If paused it prevents any transfer of the NFTs.
Suppose a user listed his tokenId paying listingTax, now he wanted to cancel his listings but cancelListing() reverted due to pause.
function _resolveListingTax(Listing memory _listing, address _collection, bool _action) private returns (uint fees_, uint refund_) {
//
// Get the amount of tax to be refunded. If the listing has already ended
// then no refund will be offered.
if (block.timestamp < _listing.created + _listing.duration) {
> refund_ = (_listing.duration - (block.timestamp - _listing.created)) * taxPaid / _listing.duration;
}
//
}
And as we seen above taxRefund is calculated based on time tokenId is listed for & if duration is passed then no refund.
As result, refund amount of user will keep decreasing till 0(zero)
Muscular Pebble Walrus
Medium
Paused NFTcollections will cause users to lose taxRefundsSummary
Paused NFTcollections will cause users to lose taxRefundsVulnerability Detail
Many NFTs like pudgyPenguins/ lilPudgys have a paused functionality. If paused it prevents any transfer of the NFTs.
Suppose a user listed his tokenId paying listingTax, now he wanted to cancel his listings but cancelListing() reverted due to pause.
And as we seen above taxRefund is calculated based on time tokenId is listed for & if duration is passed then no refund.
As result, refund amount of user will keep decreasing till 0(zero)
Impact
User will lose tax refund if collection is paused
Code Snippet
https://github.com/sherlock-audit/2024-08-flayer/blob/main/flayer/src/contracts/Listings.sol#L931C4-L934C10
Tool used
Manual Review
Recommendation
Detached the NFT from cancelListing() ie make a mapping that stores the time when a user called cancelListing()