Omniscia Xcaliswap Audit

VotingEscrow Manual Review Findings

VEW-01M: Inexistent Validation of ERC721 Conformity

Type	Severity	Location
Standard Conformity		VotingEscrow.sol:L374

Description:

The IERC721Receiver hook invoked is meant to yield the IERC721Receiver.onERC721Received.selector as the bytes4 result to ensure compliance with the EIP-721 standard, however, no such validation occurs.

Impact:

The contract is now non-compliant with the EIP-721 standard and could hinder integrations with other protocols.

Example:

contracts/periphery/VotingEscrow.sol

364function safeTransferFrom(
365    address _from,
366    address _to,
367    uint _tokenId,
368    bytes memory _data
369) public {
370    _transferFrom(_from, _to, _tokenId, msg.sender);
371
372    if (_isContract(_to)) {
373        // Throws if transfer destination is a contract which does not implement 'onERC721Received'
374        try IERC721Receiver(_to).onERC721Received(msg.sender, _from, _tokenId, _data) returns (bytes4) {} catch (
375            bytes memory reason
376        ) {
377            if (reason.length == 0) {
378                revert('ERC721: transfer to non ERC721Receiver implementer');
379            } else {
380                assembly {
381                    revert(add(32, reason), mload(reason))
382                }
383            }
384        }
385    }
386}

Recommendation:

We advise the yielded bytes4 value to be validated as equal to the onERC721Received selector as otherwise interactions with non-EIP-721 compliant tokens will be permitted.

Alleviation:

The Xcaliswap team has fixed this issue by validating that the returned bytes4 value is equal to the onERC721Received selector.

Omniscia Xcaliswap Audit

VotingEscrow Manual Review Findings

VotingEscrow Manual Review Findings

VEW-01M: Inexistent Validation of ERC721 Conformity

Description:

Impact:

Example:

Recommendation:

Alleviation:

Voter.sol (VRE-M)

Base64.sol (B46-C)

On this page