Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

Latest commit

 

History

History
23 lines (14 loc) · 708 Bytes

056.md

File metadata and controls

23 lines (14 loc) · 708 Bytes
Raw

Bnke0x0

medium

Using TransferFrom on ERC721 tokens

Summary

Vulnerability Detail

Impact

In the function '_initiateBridgeERC721' of contract L1ERC721Bridge, the transferFrom keyword is used instead of safeTransferFrom. The sent tokens could be locked if any user is in a contract and is unaware of incoming ERC721 tokens.

Code Snippet

https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts-bedrock/contracts/L1/L1ERC721Bridge.sol#L101

                     'IERC721(_localToken).transferFrom(_from, address(this), _tokenId);'

Tool used

Manual Review

Recommendation

Consider changing transferFrom to safeTransferFrom at line 101.