Open sherlock-admin4 opened 4 days ago
Muscular Pebble Walrus
Medium
Use safeTransferFrom() instead of transferFrom()
swap()/ redeem()/ withdrawTokens() etc uses transferFrom() instead of safeTransferFrom(). If receiver doesn't support ERC721, tokens will be lost.
As per the documentation of EIP-721:
A wallet/broker/auction application MUST implement the wallet interface if it will accept safe transfers.
Ref: https://eips.ethereum.org/EIPS/eip-721
Nft will be lost if doesn't support ERC721
https://github.com/sherlock-audit/2024-08-flayer/blob/main/flayer/src/contracts/Locker.sol#L248C8-L252C83 https://github.com/sherlock-audit/2024-08-flayer/blob/main/flayer/src/contracts/Locker.sol#L226
Manual Review
Muscular Pebble Walrus
Medium
Use safeTransferFrom() instead of transferFrom()
Summary
Use safeTransferFrom() instead of transferFrom()
Vulnerability Detail
swap()/ redeem()/ withdrawTokens() etc uses transferFrom() instead of safeTransferFrom(). If receiver doesn't support ERC721, tokens will be lost.
As per the documentation of EIP-721:
Ref: https://eips.ethereum.org/EIPS/eip-721
Impact
Nft will be lost if doesn't support ERC721
Code Snippet
https://github.com/sherlock-audit/2024-08-flayer/blob/main/flayer/src/contracts/Locker.sol#L248C8-L252C83 https://github.com/sherlock-audit/2024-08-flayer/blob/main/flayer/src/contracts/Locker.sol#L226
Tool used
Manual Review
Recommendation
Use safeTransferFrom() instead of transferFrom()