Lines of code
Vulnerability details
Impact
The transferFrom() method is used instead of safeTransferFrom(), presumably to save gas. I however argue that this isn’t recommended because:
- OpenZeppelin’s documentation discourages the use of transferFrom(), use safeTransferFrom() whenever possible.
- Given that any NFT can be used, there are a few NFTs (here’s an example) that have logic in the onERC721Received() function, which is only triggered in the safeTransferFrom() function and not in transferFrom().
Tools Used
Manual Review
Recommended Mitigation Steps
Consider the use of safeTransferFrom() method instead of transferFrom() for NFT transfers.
The text was updated successfully, but these errors were encountered:
All reactions