Open code423n4 opened 2 years ago
First point valid, second point not valid, the standard ERC721 internal minting function checks the recipient address against the zero address.
First point, as mentioned, is valid, but this will be changed with the fix to #70
Resolved in https://github.com/aave/lens-protocol/pull/69
I. Missing comments
https://github.com/code-423n4/2022-02-aave-lens/blob/main/contracts/libraries/InteractionLogic.sol#L44
@param _profileIdByHandleHash.The other parameters have the relevant comments attached to them.Therefore, consider adding for the aforementioned as well.
II. Zero address checks
https://github.com/code-423n4/2022-02-aave-lens/blob/main/contracts/core/CollectNFT.sol#L29
https://github.com/code-423n4/2022-02-aave-lens/blob/main/contracts/core/FollowNFT.sol#L48
To prevent accidental deployment to the zero address and the need to redeploy the contract,add a require statement within the constructor.
https://github.com/code-423n4/2022-02-aave-lens/blob/main/contracts/core/FollowNFT.sol#L69
Prevent tokenIds from being accounted.