search

sherlock-audit / 2024-08-flayer-judging

0 stars 0 forks source link

Muscular Pebble Walrus - Use safeTransferFrom() instead of transferFrom() #767

Open sherlock-admin4 opened 4 days ago

sherlock-admin4 commented 4 days ago

Muscular Pebble Walrus

Medium

Use safeTransferFrom() instead of transferFrom()

Summary

Use safeTransferFrom() instead of transferFrom()

Vulnerability Detail

swap()/ redeem()/ withdrawTokens() etc uses transferFrom() instead of safeTransferFrom(). If receiver doesn't support ERC721, tokens will be lost.

As per the documentation of EIP-721:

A wallet/broker/auction application MUST implement the wallet interface if it will accept safe transfers.

Ref: https://eips.ethereum.org/EIPS/eip-721

Impact

Nft will be lost if doesn't support ERC721

Code Snippet

https://github.com/sherlock-audit/2024-08-flayer/blob/main/flayer/src/contracts/Locker.sol#L248C8-L252C83 https://github.com/sherlock-audit/2024-08-flayer/blob/main/flayer/src/contracts/Locker.sol#L226

Tool used

Manual Review

Recommendation

Use safeTransferFrom() instead of transferFrom()