c4-judge
commented
1 year ago GalloDaSballo marked the issue as duplicate of #22
Closed c4-judge closed 1 year ago
c4-judge
commented
1 year ago GalloDaSballo marked the issue as duplicate of #22
c4-judge
commented
1 year ago GalloDaSballo marked the issue as satisfactory
GalloDaSballo
commented
1 year ago Maintaining 100% because of the clarity in writing
Judge has assessed an item in Issue #19 as 2 risk. The relevant finding follows:
KUMABondToken.sol KBT-01L: Potential Approval Blacklist Bypass (Affected Lines: L148) The KUMABondToken::approve function will apply a blacklist check on the to as well as msg.sender contextual arguments of the call, however, the actual owner of the tokenId is not validated in contrast to setApprovalForAll which disallows an approval to be made by a party that is in the blacklist.
While the approval cannot be actuated on by the transferFrom / safeTransferFrom functions as they do validate the from argument, an approval being made on behalf of a blacklisted owner is an undesirable trait. We advise the code to properly apply the blacklist to the owner of the ERC721 asset, preventing circumvention of the checks if an operator (i.e. isApprovedForAll) was created by a blacklisted owner before they were included in the blacklist.