Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[nft-collection L-01] Misuse of sender in _burnWithCheck Function #1627

Open
wants to merge 2 commits into
base: fix/nft-collection-remove-amount-from-signature
Choose a base branch
from
Open

[nft-collection L-01] Misuse of sender in _burnWithCheck Function #1627

wants to merge 2 commits into from

Conversation

adjisb
Copy link
Contributor

@adjisb adjisb commented Jan 27, 2025
edited
Loading

Description

https://internal-jira.atlassian.net/browse/GE-100

Audit

The burnedTokens mapping records the burned NFT tokens for each burner address. The didBurnTokens, burnedTokensCount, and burnedTokens functions take the NFT owner previousOwner as a parameter and utilize it as the index for burnedTokens to retrieve information.

However, within the _burnWithCheck function, when recording the burned NFT token in burnedTokens, the index is incorrectly set to sender, who initiates the action, rather than previousOwner, who is the actual owner of the burned token. This discrepancy could result in misleading return values from the aforementioned view functions.

When setting a value in the burnedTokens mapping, consider using previousOwner instead of sender in the _burnWithCheck function.

Fix

We completely removed the burn tracking

@adjisb adjisb requested a review from a team as a code owner January 27, 2025 18:33
@adjisb adjisb changed the title fix: fix audit L-01 by removing the functionality [L-01] nft-collection fix audit L-01 by removing the functionality Jan 27, 2025
@adjisb adjisb changed the title [L-01] nft-collection fix audit L-01 by removing the functionality [nft-collection L-01] fix audit L-01 by removing the functionality Jan 27, 2025
@adjisb adjisb changed the title [nft-collection L-01] fix audit L-01 by removing the functionality [nft-collection L-01] Misuse of sender in _burnWithCheck Function Jan 28, 2025
@adjisb adjisb force-pushed the fix/nft-collection-audit-L-01 branch from 28c45de to d51749e Compare January 29, 2025 14:12
@adjisb adjisb changed the base branch from fix/nft-collection-audit-M-01 to fix/nft-collection-remove-amount-from-signature February 3, 2025 13:17
@adjisb adjisb force-pushed the fix/nft-collection-remove-amount-from-signature branch 3 times, most recently from d8f13ea to 957a469 Compare February 3, 2025 16:19
Andres Adjimann added 2 commits February 3, 2025 13:19
fix: fix audit L-01 by removing the funtionallity
87a7c86 
WIP: we must stil need to decide if we want to have burn() and
    if we want to be able to enable/disable it
fix: remove ERC721BurnUpgradeable completely
80c9b27
@adjisb adjisb force-pushed the fix/nft-collection-audit-L-01 branch from 7626abc to 80c9b27 Compare February 3, 2025 16:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wojciech-turek wojciech-turek wojciech-turek approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@adjisb @wojciech-turek