Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move to != owner check from ERC721.approval to ERC721._approval #4136

Closed
Amxx opened this issue Mar 25, 2023 · 8 comments · Fixed by #4377
Closed

Move to != owner check from ERC721.approval to ERC721._approval #4136

Amxx opened this issue Mar 25, 2023 · 8 comments · Fixed by #4377
Labels
good first issue Low hanging fruit for new contributors to get involved!
Milestone
5.0

Comments

@Amxx
Copy link
Collaborator

Amxx commented Mar 25, 2023
edited
Loading

In ERC721.approve (public) we do

require(to != owner, "ERC721: approval to current owner");

we don't do it in ERC721._approve (internal)

That means its not ok to approve the owner, unless you do it internally ? IMO the check should move from the public to the internal function. (note that there is already a call to ERC721.ownerOf inside the internal version, so its not like we are saving an sload anyway)
@Amxx Amxx added the good first issue Low hanging fruit for new contributors to get involved! label Mar 25, 2023
@boxingcoder00
Copy link

This may be a foolish question(very new to the space) but what exactly would be the benefit? gas or optimization ?

@Saksham010 Saksham010 mentioned this issue Mar 25, 2023
Closed
ViharGandhi added a commit to ViharGandhi/openzeppelin-contracts that referenced this issue Mar 28, 2023
@ViharGandhi
Moved owner check from public to internal function in ERC721 contract…
25b649b 
… - resolves issue OpenZeppelin#4136

Updated ERC721._approve function to include a check for the owner before approval is granted. This ensures that the owner is not accidentally approved and prevents unnecessary sload calls. Moved the check from the public ERC721.approve function to the internal ERC721._approve function. Resolves issue OpenZeppelin#4136.
@ViharGandhi ViharGandhi mentioned this issue Mar 28, 2023
Closed
3 tasks
@Amxx Amxx mentioned this issue Mar 28, 2023
Closed
3 tasks
@ernestognw
Copy link
Member

This may be a foolish question(very new to the space) but what exactly would be the benefit? gas or optimization ?

It's just a matter of interface consistency, we expect developers to have reasonable guarantees when they use the library. I think it's reasonable to expect this same check in both the public and internal interface.

@rupak21
Copy link

rupak21 commented Apr 4, 2023

hey i want to work on this issue`

function _approval(address owner, address to, uint256 tokenId) internal virtual {
require(to != owner, "ERC721: approval to current owner");
_tokenApprovals[tokenId] = to;
emit Approval(owner, to, tokenId);
}
`

@Amxx
Copy link
Collaborator Author

Amxx commented Apr 4, 2023

hey i want to work on this issue`

function _approval(address owner, address to, uint256 tokenId) internal virtual { require(to != owner, "ERC721: approval to current owner"); _tokenApprovals[tokenId] = to; emit Approval(owner, to, tokenId); } `

There are already 2 PRs for this issue.

Also, the code you shared above changes the internal interface, which is not something we want.

This was referenced Apr 4, 2023
Closed
Closed
@Saksham010
Copy link

hey i want to work on this issuefunction _approval(address owner, address to, uint256 tokenId) internal virtual { require(to != owner, "ERC721: approval to current owner"); _tokenApprovals[tokenId] = to; emit Approval(owner, to, tokenId); }

There are already 2 PRs for this issue.

Also, the code you shared above changes the internal interface, which is not something we want.

Made a PR, it passes all required test

@frangio frangio added this to the 5.0 milestone Apr 26, 2023
@kr-meet
Copy link

kr-meet commented Jun 1, 2023

@Amxx I want to work on this issue, will you give me an overview

@Amxx
Copy link
Collaborator Author

Amxx commented Jun 1, 2023

@kr-meet There is a big refactor of ERC721 that is going on internally right now. IMO we should wait for that refactor to be done before changing other things, otherwize we'll multiply conflicts

@kr-meet
Copy link

kr-meet commented Jun 1, 2023

@kr-meet There is a big refactor of ERC721 that is going on internally right now. IMO we should wait for that refactor to be done before changing other things, otherwize we'll multiply conflicts

no worries, we can wait.

@frangio frangio mentioned this issue Jul 1, 2023
Closed
@frangio frangio mentioned this issue Jul 12, 2023
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue Low hanging fruit for new contributors to get involved!
Projects
None yet
Milestone
5.0
7 participants
@frangio @Amxx @ernestognw @Saksham010 @rupak21 @boxingcoder00 @kr-meet