Skip to content

fix: add missing GNFT transfer function access permission checks #835

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dongwon8247 merged 3 commits into from
Sep 1, 2025
Merged

fix: add missing GNFT transfer function access permission checks #835

dongwon8247 merged 3 commits into from
Sep 1, 2025

Conversation

@jinoosss
Copy link
Member

@jinoosss jinoosss commented Aug 28, 2025

The GNFT (Gnoswap NFT) contract was missing critical access control checks in its core transfer functions (SafeTransferFrom and TransferFrom). This security gap posed significant risks to the AMM (Automated Market Maker) system's stability and integrity.

The Security Issue

Before: Transfer functions lacked proper access control

func SafeTransferFrom(cur realm, from, to std.Address, tid grc721.TokenID) error {
    halt.AssertIsNotHaltedPosition()
    // Missing access control - any contract could call this
    
    assertFromIsValidAddress(from)
    assertToIsValidAddress(to)
    // ... transfer logic
}

After: Strict access control implemented

func SafeTransferFrom(cur realm, from, to std.Address, tid grc721.TokenID) error {
    halt.AssertIsNotHaltedPosition()
    
    caller := std.PreviousRealm().Address()
    access.AssertIsStaker(caller)  // Only staker contract can call
    
    assertFromIsValidAddress(from)
    assertToIsValidAddress(to)
    // ... transfer logic
}

Why Restrict to Staker Contract Only?

1. Controlled Liquidity Management

  • The staker contract manages the complete lifecycle of staked positions
  • NFT transfers must be synchronized with staking/unstaking operations
  • Prevents positions from being transferred while earning rewards

Reward System Manipulation:

  • Positions earning rewards could be transferred to avoid penalty periods
  • Staking rewards are time-weighted and position-specific
  • Unauthorized transfers could break reward calculation integrity

Liquidity Tracking Issues:

  • The staker contract tracks which positions are earning rewards
  • Random transfers would desynchronize staking state with NFT ownership
  • Could lead to positions earning rewards without proper tracking

2. Proper Position Lifecycle

The intended flow ensures system consistency:

User Mints Position
        ↓
Receives GNFT (Ownership)
        ↓
Stakes Position → Transfer to Staker Contract
        ↓
Earns Rewards (Controlled State)
        ↓
Unstakes Position → Transfer back to User
        ↓
User Controls GNFT (Normal NFT Operations)

Security Benefits

1. Prevents Unauthorized Position Transfers

  • Blocks malicious contracts from moving staked positions
  • Ensures only the staker contract can manage position custody
  • Protects users from unexpected position movements

2. Maintains AMM Stability

  • Preserves reward calculation integrity
  • Prevents staking state desynchronization
  • Blocks potential economic exploits

@jinoosss jinoosss marked this pull request as ready for review August 29, 2025 08:05
@sonarqubecloud
Copy link

sonarqubecloud bot commented Aug 29, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@dongwon8247 dongwon8247 merged commit 0d6697b into main Sep 1, 2025
15 of 48 checks passed
@dongwon8247 dongwon8247 deleted the GSW-2351-fix-add-missing-GNFT-transfer-function-access-permission-checks branch September 1, 2025 00:39
@MattKangbloc MattKangbloc mentioned this pull request Sep 2, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dongwon8247 dongwon8247 dongwon8247 approved these changes

@notJoon notJoon Awaiting requested review from notJoon

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jinoosss @dongwon8247