- Vulnerability Category:
Validations and error handling - Severity:
Minor - Detectors:
unwrap-panic-usage - Test Cases:
unwrap-panic-usage
The unwrap-panic function attempts to 'unpack' its argument. If it fails, it throws a runtime error, which aborts the execution of the current transaction.
(define-public (fulfil-listing-ft (listing-id uint) (nft-asset-contract <nft-trait>) (payment-asset-contract <ft-trait>))
(let
(listing (unwrap-panic (map-get? listings listing-id) err-unknown-listing))
(taker tx-sender)
) (
(try! (assert-can-fulfil (contract-of nft-asset-contract) (some (contract-of payment-asset-contract)) listing))
(try! (as-contract (transfer-nft nft-asset-contract (get token-id listing) tx-sender taker)))
(try! (transfer-ft payment-asset-contract (get price listing) taker (get maker listing)))
(map-delete listings listing-id)
(ok listing-id)
)
)
The vulnerable code example can be found here.
Use unwrap! instead of unwrap-panic to handle the error.
(define-public (fulfil-listing-ft (listing-id uint) (nft-asset-contract <nft-trait>) (payment-asset-contract <ft-trait>))
(let
(listing (unwrap! (map-get? listings listing-id) err-unknown-listing))
(taker tx-sender)
) (
(try! (assert-can-fulfil (contract-of nft-asset-contract) (some (contract-of payment-asset-contract)) listing))
(try! (as-contract (transfer-nft nft-asset-contract (get token-id listing) tx-sender taker)))
(try! (transfer-ft payment-asset-contract (get price listing) taker (get maker listing)))
(map-delete listings listing-id)
(ok listing-id)
)
)The remediated code example can be found here.