Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Internal ownedTokensIndex not properly cleared when removing a token from its owner in ERC721 #839

Closed
spalladino opened this issue Mar 26, 2018 · 4 comments · Fixed by #1549
Assignees
Labels
bug good first issue Low hanging fruit for new contributors to get involved!
Milestone

Comments

@spalladino
Copy link
Contributor

🎉 Description

See this comment for more info. In the scenario that a token is removed from its owner, if that token was in the last index of the owner's array, the ownedTokensIndex keeps a reference to the token that should be deleted.

This does not cause any issues in the external interface of the contract, but the data structure it should be properly cleared. Thanks @mudgen for catching it.

  • 🐛 This is a bug report.
@spalladino spalladino added the bug label Mar 26, 2018
@shrugs shrugs self-assigned this Apr 3, 2018
@frangio frangio added the good first issue Low hanging fruit for new contributors to get involved! label Apr 3, 2018
michald added a commit to michald/zeppelin-solidity that referenced this issue Apr 23, 2018
michald added a commit to michald/zeppelin-solidity that referenced this issue Apr 23, 2018
michald added a commit to michald/zeppelin-solidity that referenced this issue Apr 23, 2018
@nventuro nventuro added this to the v2.1 milestone Nov 24, 2018
@frangio frangio assigned nventuro and unassigned shrugs Nov 27, 2018
@nventuro
Copy link
Contributor

nventuro commented Dec 6, 2018

I'm inclining towards not fixing this 'bug', for the following reasons:

  1. I argue there isn't really a bug in the first place, since the Solidity interface is not affected by it.
  2. The 'issue' is that a deleted token's index in its owner's array (_ownedTokensIndex) is not cleared. However, 'clear' simply means 'setting to 0', and 0 is a valid index value. This means that there's no potential for this 'tyding-up' to prevent future bugs.
  3. This data structure is only ever used (read from) when deleting tokens in _removeTokenFrom. Any deleted token must obviously first be created, at which point the index will be set to the correct value, yielding zero negative consequences for not clearing the index, and increased gas costs when doing it (both for the SSTORE that sets it to 0, and the SSTORE that changes it from 0 to a different value, which is even more expensive).

@nventuro
Copy link
Contributor

nventuro commented Dec 6, 2018

This is related to #1541, where I propose getting rid of more cleanup of this sort.

@frangio
Copy link
Contributor

frangio commented Dec 6, 2018

Actually the additional SSTORE should result in a cheaper transaction because it's zeroing out a storage slot. @nventuro and I have been doing some tests though and it doesn't seem to be that way. We're still not sure why but will keep looking into it.

@nventuro
Copy link
Contributor

nventuro commented Dec 6, 2018

Yup, my comment was based on tests, not my understanding of the platform (which is clearly wrong, since I'd expect the zero-ing out to refund 10k gas).

Continuing the discussion on #1541 to avoid having two threads.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug good first issue Low hanging fruit for new contributors to get involved!
Projects
None yet
4 participants