Transfer to Oneself Possible #55

Closed
MaksymZavershynskyi opened this issue Jun 3, 2020 · 0 comments · Fixed by near/near-sdk-rs#176
@MaksymZavershynskyi
Informational
Reported by a third party.

Description
The functions `transfer()` and `transfer_from()` send an amount of tokens from one account to another. In both cases it is valid to transfer the tokens to and from the same account.

In `transfer_from()` this can be done by setting `owner_id` to be the same as `new_owner_id`.

In `transfer()` this can be done by setting `new_owner_id` to be the same as `predecessor_account_id`.

The net change in the account's balance will be zero and thus there is no known attack vector using this approach.

Recommendations
It is recommended to ensure that `owner_id` and `new_owner_id` represent different accounts.

@evgenykuzyakov evgenykuzyakov self-assigned this Jun 4, 2020
evgenykuzyakov pushed a commit to near/near-sdk-rs that referenced this issue Jun 5, 2020
evgenykuzyakov pushed a commit to near/NEPs that referenced this issue Jun 5, 2020
Fixes: near/core-contracts#47
Fixes: near/core-contracts#49

### Changelog `0.2.0`

- Introduce storage deposits. Make every method payable. Require caller to attach enough deposit to cover potential storage increase. See [core-contracts/#47](near/core-contracts#47)
- Replace `set_allowance` with `inc_allowance` and `dec_allowance` to address the issue of allowance front-running. See [core-contracts/#49](near/core-contracts#49)
- Validate `owner_id` account ID. See [core-contracts/#54](near/core-contracts#54)
- Enforce that the `new_owner_id` is different from the current `owner_id` for transfer. See [core-contracts/#55](near/core-contracts#55)
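
The recommended check, shown as an added example on a simplified in-memory ledger; this is not the near-sdk-rs contract code. The `Ledger` type, the `deposit` helper, the `caller` parameter (standing in for `predecessor_account_id`) and the account names are assumptions made for illustration.

```rust
use std::collections::HashMap;
#[derive(Debug, PartialEq)]
pub enum TransferError { SelfTransfer, InsufficientBalance, InsufficientAllowance }
/// Simplified in-memory ledger (hypothetical; not the near-sdk-rs contract).
#[derive(Default)]
pub struct Ledger {
    balances: HashMap<String, u128>,
    allowances: HashMap<(String, String), u128>, // (owner_id, escrow_id) -> allowance
}
impl Ledger {
    pub fn deposit(&mut self, id: &str, amount: u128) {
        *self.balances.entry(id.to_string()).or_insert(0) += amount;
    }
    pub fn inc_allowance(&mut self, owner_id: &str, escrow_id: &str, amount: u128) {
        *self.allowances.entry((owner_id.to_string(), escrow_id.to_string())).or_insert(0) += amount;
    }
    pub fn balance(&self, id: &str) -> u128 {
        self.balances.get(id).copied().unwrap_or(0)
    }
    pub fn allowance(&self, owner_id: &str, escrow_id: &str) -> u128 {
        self.allowances.get(&(owner_id.to_string(), escrow_id.to_string())).copied().unwrap_or(0)
    }
    /// `caller` stands in for predecessor_account_id.
    pub fn transfer(&mut self, caller: &str, new_owner_id: &str, amount: u128) -> Result<(), TransferError> {
        self.transfer_from(caller, caller, new_owner_id, amount)
    }
    pub fn transfer_from(&mut self, caller: &str, owner_id: &str, new_owner_id: &str, amount: u128) -> Result<(), TransferError> {
        // Recommended check: reject a self-transfer before any state is read or written.
        if owner_id == new_owner_id {
            return Err(TransferError::SelfTransfer);
        }
        let owner_balance = self.balance(owner_id);
        if owner_balance < amount { return Err(TransferError::InsufficientBalance); }
        if caller != owner_id {
            // An escrow spends from the owner's allowance.
            let left = self.allowance(owner_id, caller);
            if left < amount { return Err(TransferError::InsufficientAllowance); }
            self.allowances.insert((owner_id.to_string(), caller.to_string()), left - amount);
        }
        self.balances.insert(owner_id.to_string(), owner_balance - amount);
        self.deposit(new_owner_id, amount);
        Ok(())
    }
}

fn main() {
    let mut ledger = Ledger::default();
    ledger.deposit("alice.near", 100); // constructed sample account
    println!("{:?}", ledger.transfer("alice.near", "alice.near", 10));
}
```

Because the guard runs first, a rejected self-transfer in this sketch leaves both the balance and any escrow allowance untouched.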