Skip to content
This repository has been archived by the owner on Jun 23, 2024. It is now read-only.

Stoicov - FootiumClub does not implement ERC2981 #50

Closed
sherlock-admin2 opened this issue Dec 17, 2023 · 1 comment
Closed

Stoicov - FootiumClub does not implement ERC2981 #50

sherlock-admin2 opened this issue Dec 17, 2023 · 1 comment
Labels
Non-Reward This issue will not receive a payout

Comments

@sherlock-admin2
Copy link

sherlock-admin2 commented Dec 17, 2023
edited
Loading

Stoicov

medium

FootiumClub does not implement ERC2981

Summary

Footium players implement royalties while clubs do not, so marketplaces that do respect the EIP-2981 will not be paying royalties for the club NFTs which deprives developers from yield.

Vulnerability Detail

In the previous audit it was confirmed that clubs should implement ERC2981 Royalties which should go to the developers upon selling a club. However FootiumClub still does not inherit ERC2891Upgradeable.

contract FootiumClub is
    ERC721Upgradeable,
    AccessControlUpgradeable,
    PausableUpgradeable,
    ReentrancyGuardUpgradeable,
    OwnableUpgradeable
{

Impact

Loss of yield for Footium developers

Code Snippet

https://github.com/sherlock-audit/2023-12-footium/blob/main/footium-eth-shareable/contracts/FootiumClub.sol#L14-L19

This is the relevant issue, for which it was confirmed clubs should implement the EIP2981 standard so that on club sale royalties will be paid to the protocol developers, yet this has not been fixed, hence it is present in the current scope.
sherlock-audit/2023-04-footium-judging#293

The issue was found by 0x52 and 0xRobocop, so credit goes to them for spotting this.

Tool used

Manual Review

Recommendation

Implement EIP2981 on clubs as well

Duplicate of #68
@sherlock-admin sherlock-admin changed the title Skinny Gingerbread Dalmatian - Users could have their price stuck in the PrizeDistributor contract Clever Neon Toad - FootiumClub does not implement ERC2981 (a medium reported in the last audit but not fixed) Dec 18, 2023
@sherlock-admin sherlock-admin changed the title Clever Neon Toad - FootiumClub does not implement ERC2981 (a medium reported in the last audit but not fixed) Clever Neon Toad - FootiumClub does not implement ERC2981 Dec 18, 2023
@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Dec 20, 2023
@sherlock-admin2
Copy link
Author

1 comment(s) were left on this issue during the judging contest.

darkart commented:

Even if team is sold the players are not directly connected to the team according to developers

@nevillehuang nevillehuang mentioned this issue Dec 20, 2023
Closed
@Czar102 Czar102 removed the Medium A valid Medium severity issue label Dec 21, 2023
@sherlock-admin2 sherlock-admin2 changed the title Clever Neon Toad - FootiumClub does not implement ERC2981 Stoicov - FootiumClub does not implement ERC2981 Dec 21, 2023
@sherlock-admin2 sherlock-admin2 added Non-Reward This issue will not receive a payout and removed Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Dec 21, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Non-Reward This issue will not receive a payout
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Czar102 @sherlock-admin2