QA Report #104
Labels
bug
Something isn't working
duplicate
This issue or pull request already exists
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
QA report
Non-critical
Use safeTransferFrom for ERC721 consistency
In the contract
NFTLoanFacilitator.sol
there is a mix of usingIERC721.safeTransferFrom()
andIERC721.transferFrom()
. The methodsrepayAndCloseLoan()
andseizeCollateral()
uses thesafeTransferFrom()
, where the methodscreateLoan()
andcloseLoan()
uses thetransferFrom()
.For the method
closeLoan()
it should just be changed, since it transfers the collateral from the contract to another address just like the methodsrepayAndCloseLoan()
andseizeCollateral()
, which both uses thesafeTransferFrom()
.However, in order to change the method
createLoan()
to use thesafeTransferFrom()
it will require the contract to implement theIERC721Receive.onERC721Received()
method.Notice! Currently the method
closeLoan()
does not make use of thesafeTransferFrom()
and this means that if a user provided a contract address as the parametersendCollateralTo
and this contract does not implement proper handling ofERC721
, then the token would be lost. But since I see this as very unlikely, I choose to consider this as anon-critical
instead of alow
.The text was updated successfully, but these errors were encountered: