Sellers can sell nfts to buyers and burn/nuke the nfts after selling. #500

Closed
c4-bot-4 opened this issue Aug 4, 2024 · 1 comment
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working insufficient quality report This report is not of sufficient quality 🤖_04_group AI based duplicate group recommendation

c4-bot-4 commented Aug 4, 2024

Lines of code

https://github.com/code-423n4/2024-07-traitforge/blob/main/contracts/TraitForgeNft/TraitForgeNft.sol#L143
https://github.com/code-423n4/2024-07-traitforge/blob/main/contracts/NukeFund/NukeFund.sol#L155

Vulnerability details

Impact

Any user can set any of his addresses as approved, i.e. _tokenApprovals[tokenid], for a tokenid. Then the seller can sell the tokenid NFT to other users. After selling the NFT, Alice can burn/nuke the NFT, which is unfair/unintentional for the protocol.

Proof of Concept

  1. Let’s assume Alice mints a tokenid in a generation. Alice approves the tokenid to her own different address (account2), i.e. Alice updates _tokenApprovals[tokenid] = account2.

  2. Now Alice lists the tokenid NFT for sale by calling the function listNFTForSale.

  3. Bob buys the tokenid NFT by calling the function buyNFT.

  4. Now Alice calls the function burn with account2. This burn function calls the isApprovedOrOwner function; as account2 is approved for this tokenid, the tokenid NFT is burned. Alice can also call the nuke function, which calls the isApprovedOrOwner function; as account2 is approved for this tokenid, the tokenid NFT is nuked.

  5. So Alice can set herself as approved for this tokenid and sell the tokenid NFT to other users. After selling the NFT, Alice can burn/nuke the NFT, which is unfair/unintentional for the protocol.

Tools Used

manual review

Recommended Mitigation Steps

Implement a mechanism so that sellers can’t burn/nuke the NFT after selling it to other users.

Assessed type

Error
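
A regression check for the scenario in steps 1 to 4, as an added example that is not part of the report or of the TraitForge code base: a small Python model of per-token approval state, in which `TokenModel`, `replay_report` and the account names are hypothetical. EIP-721 specifies that the approved address for a token is reset when the token is transferred; the `clear_approval_on_transfer` switch shows how the outcome of step 4 depends on that reset.

```python
# Added illustration: a model of ERC-721 per-token approval handling.
# All names are hypothetical; this is not TraitForge or OpenZeppelin code.

class NotAuthorized(Exception):
    pass

class TokenModel:
    def __init__(self, clear_approval_on_transfer=True):
        # True models the EIP-721 rule that a transfer resets the approved address.
        self.clear_approval_on_transfer = clear_approval_on_transfer
        self.owner_of = {}         # token_id -> current owner
        self.token_approvals = {}  # token_id -> approved address (cf. _tokenApprovals)

    def mint(self, to, token_id):
        self.owner_of[token_id] = to

    def approve(self, caller, spender, token_id):
        if self.owner_of.get(token_id) != caller:
            raise NotAuthorized("only the owner can approve")
        self.token_approvals[token_id] = spender

    def is_approved_or_owner(self, spender, token_id):
        return spender in (self.owner_of.get(token_id),
                           self.token_approvals.get(token_id))

    def transfer(self, to, token_id):
        if self.clear_approval_on_transfer:
            self.token_approvals.pop(token_id, None)
        self.owner_of[token_id] = to

    def burn(self, caller, token_id):
        if not self.is_approved_or_owner(caller, token_id):
            raise NotAuthorized("caller is neither owner nor approved")
        del self.owner_of[token_id]
        self.token_approvals.pop(token_id, None)

def replay_report(clear_approval_on_transfer):
    """Replay steps 1-4; return True if account2 can still burn after the sale."""
    token = TokenModel(clear_approval_on_transfer)
    token.mint("alice", 1)
    token.approve("alice", "account2", 1)  # step 1: approve a second address
    token.transfer("bob", 1)               # steps 2-3: listing and sale, reduced to
                                           # the ownership change (a simplification)
    try:
        token.burn("account2", 1)          # step 4: burn via the old approval
    except NotAuthorized:
        return False
    return True
```

The model covers single-token approvals only; operator approvals granted by an owner for all of their tokens are outside its scope.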

@c4-bot-4 c4-bot-4 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Aug 4, 2024
c4-bot-1 added a commit that referenced this issue Aug 4, 2024
@c4-bot-12 c4-bot-12 added the 🤖_04_group AI based duplicate group recommendation label Aug 7, 2024
@howlbot-integration howlbot-integration bot added the insufficient quality report This report is not of sufficient quality label Aug 9, 2024
@Almur100

Why is this invalid??
A similar issue was accepted in the NextGen audit
code-423n4/2023-10-nextgen-findings#1597
