There is no Support For The Trading of Cryptopunks #248
Labels
bug
Something isn't working
old-submission-method
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
Comments
code423n4
added
2 (Med Risk)
|
Don't consider this a vulnerability. The protocol is only designed to work with ERC721s. The FE will only suggest ERC721s to crowdfund on. |
merklejerk
added
the
sponsor disputed
|
At least change the name of the protocol when copy pasting another report 🙏 This is a NC feature suggestion, converting into a QA report for the warden. |
HardlyDifficult
added
QA (Quality Assurance)
|
Merging with #249 |
This was referenced Dec 17, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines of code
https://github.com/PartyDAO/party-contracts-c4/blob/3896577b8f0fa16cba129dc2867aba786b730c1b/contracts/crowdfund/BuyCrowdfundBase.sol#L137
Vulnerability details
Impact
Cryptopunks are at the core of the NFT ecosystem. As one of the first NFTs, it embodies the culture of NFT marketplaces. By not supporting the trading of cryptopunks, Foundation is at a severe disadvantage when compared to other marketplaces. Cryptopunks have their own internal marketplace which allows users to trade their NFTs to other users. As such, cryptopunks does not adhere to the ERC721 standard, it will always fail when the protocol attempts to trade them.
Proof of concept
Here is an example implementation of what it might look like to integrate cryptopunks into the Foundation protocol.
Tools Used
Manual review
Recommended Mitigation Steps
Consider designing a wrapper contract for cryptopunks to facilitate standard ERC721 transfers. The logic should be abstracted away from the user such that their user experience is not impacted.
The text was updated successfully, but these errors were encountered: