If the new owner tries to approve an operator right after receiving the NFT, it will fail since the approved address was reset to 0.
Proof of Concept
This resets the approved address to 0 after a transfer.
The impact is that if the new owner tries to approve an operator right after receiving the NFT, it will fail since the approved address was reset to 0.
For example:
1. Alice approves Bob as an operator for NFT #1.
2. Bob transfers NFT #1 to Carol.
3. The approved address is reset to 0 in transferFrom.
4. Carol tries to approve Dan as an operator for NFT #1, but it will fail since the approved address is 0.
Tools Used
Manual
Recommended Mitigation Steps
The approved address should NOT be reset to 0 after a transfer. Instead, it should be left unchanged.
Lines of code
https://github.com/code-423n4/2023-09-delegate/blob/a6dbac8068760ee4fc5bababb57e3fe79e5eeb2e/src/DelegateToken.sol#L171
Assessed type
Other