Adding sails marketplace contract #513
Conversation
There was a problem hiding this comment.
There are potential vulnerabilities that arise from interactions between a marketplace contract and token contracts. For example:
- Scenario 1 (NFT transferred first):
-
A buyer makes an offer and transfers fungible tokens to the marketplace contract's balance.
-
The seller accepts the offer and sends a message to the contract. During the processing of this message: The NFT transfer is executed first, and the message is placed in a waitlist. Meanwhile, the buyer sends a withdraw message to cancel the offer and withdraws their tokens.
-
When the seller's message resumes processing, it fails at the point of transferring tokens from the buyer to the seller. However, the NFT has already been transferred to the buyer, leaving the seller without compensation.
- Scenario 2 (Tokens transferred first):
-
The seller accepts the offer and sends a message to the contract. During the processing of this message: The transfer of tokens from the buyer to the seller is executed first, and the message is placed in a waitlist.
-
Meanwhile, another buyer decides to purchase the NFT and sends a purchase message.
-
When the seller's message resumes processing, it fails during the NFT transfer. As a result: The seller receives double payment: one from the initial buyer's token transfer and another from the second buyer's purchase.The initial buyer ends up without their tokens and without the NFT.
No description provided.