gpersoon
The function transferERC721 checks for nftApprovals, however it never reset the value of nftApprovals.
This means if the NFT would end up in the contract again in the future, it could be transferred again without an explicit approval.
function transferERC721(
address to,
address nftContract,
uint256 tokenId
) external {
if(msg.sender != _getOwner()) {
require( nftApprovals[keccak256(abi.encodePacked(msg.sender, nftContract, tokenId))], βNFT not approved for transferβ);
}
β¦
_removeNft(nftContract, tokenId);
IERC721(nftContract).safeTransferFrom(address(this), to, tokenId);
}
Editor
Set nftApprovals[keccak256(abi.encodePacked(msg.sender, nftContract, tokenId))] = 0
The text was updated successfully, but these errors were encountered:
All reactions