sherlock-audit / 2024-08-winnables-raffles-judging


Raspy Spruce Parrot - Winner may not receive his NFT prize #631

Closed sherlock-admin4 closed 3 months ago

sherlock-admin4 commented 3 months ago

Raspy Spruce Parrot

Low/Info

Winner may not receive his NFT prize

Summary

The winner of the NFT prize might be a smart contract that does not implement onERC721Received, causing the NFT to be frozen.

Root Cause

In WinnablesPrizeManager.sol::_sendNFTPrize() transferFrom() is used instead of safeTransferFrom().

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

The winner address, who won the raffle and claimed the NFT, will not be able to do anything with it, if it is a smart contract.

PoC

No response

Mitigation

    function _sendNFTPrize(address nft, uint256 tokenId, address winner) internal {
-        IERC721(nft).transferFrom(address(this), winner, tokenId); 
+       IERC721(nft).safeTransferFrom(address(this), winner, tokenId);     
    }
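
Review bot: On the `+` line, `safeTransferFrom` hands control to `winner` through the `onERC721Received` callback whenever `winner` is a contract, so `_sendNFTPrize` becomes an external call into recipient-controlled code. The callers of this internal function are not visible in the hunk; they should finish their state updates (for example, recording the prize as claimed) before calling it, or carry a reentrancy guard. A contract winner that lacks the hook will now make the transfer revert instead of receiving the token, so check how the claim path handles that revert. Minor: the `-` and `+` lines are indented differently and carry trailing whitespace.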