Exclude address(0) in ERC721 approvals #4405
Conversation
|
frangio
changed the title
| return (owner != address(0) && | ||
| (spender == owner || | ||
| isApprovedForAll(owner, spender) || | ||
| (_getApproved(tokenId) == spender && spender != address(0)))); |
There was a problem hiding this comment.
No actionnable here, but for the record I'm not a big fan of the linter's style.
Amxx
left a comment
Amxx
left a comment
There was a problem hiding this comment.
Waiting for the tests to run (curious about the gas changes).
If tests are good this LGTM.
| * Emits an {Approval} event. | ||
| */ | ||
| function _approve(address to, uint256 tokenId) internal virtual { | ||
| address owner = ownerOf(tokenId); |
There was a problem hiding this comment.
We should note that ownerOf is already called in the public approve.
If we want to minimize duplicated sloads, we could use a construction similar to _update's condition. This function is almost never used though, so optimising it is not as critical as transferFrom.
|
Closing in favor of #4377 |
2 participants
This PR implements a few changes to make the treatment of
address(0)in ERC721 more uniform and consistent with the rest of the library:_isApprovedOrOwner: Ensure we return false ifspenderisaddress(0). Don't revert if the token is not minted.setApprovalForAll: Revert ifoperatorisaddress(0).approve: Revert iftoisaddress(0).The reasoning to reject
address(0)is that it can show up unexpectedly by reading uninitialized values from storage, or any uninitialized variable, or as the return value of ecrecover, etc., and in the case of_isApprovedOrOwnerif the spender isaddress(0)it could cause the function to return true in combination withgetApproved, since that function returns 0 to indicate that no account is approved.Proposing first before writing tests.
Fixes #4136.
Closes #4169 (superceded).
Closes #4144 (superceded).