Closed elv-serban closed 2 years ago
Why not put the require check in _isApprovedOrOwner?
That is part of the OpenZeppelin library. I checked the latest version and it is still the same. I will make a ticket on that and will link here. It's strange they don't even have a mention of this in the comments.
In that case a helper wrapper function can avoid the copy/paste
Agreed! Will do in another change set. But I would like to hear from OpenZeppelin first.
All signature checks allow for a null signature - the ecrecover returns 0 and the OpenZeppelin _isApprovedForOwner() allows a spender that is address(0) because getApproved(token) id returns 0.
The fix is to specifically require sender/signer/spender is not 0.
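The helper wrapper suggested in the thread, combined with the non-zero check, sketched as an added example that is not code from this change set or from OpenZeppelin. The contract name, `_recoverSigner`, `_requireAuthorizedSigner` and the three mappings are hypothetical; `_isApprovedOrOwner` here is a local model of the approval check the thread describes, not the library source.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example; all names below are hypothetical stand-ins for the project's code.
abstract contract SignedTransferGuard {
    // Minimal model of ERC-721 ownership and approval state.
    mapping(uint256 => address) internal _owners;
    mapping(uint256 => address) internal _tokenApprovals; // unset entries read as address(0)
    mapping(address => mapping(address => bool)) internal _operatorApprovals;

    // Model of the approval check discussed in the thread. For a token with no
    // approval set, _tokenApprovals[tokenId] is address(0), so a spender of
    // address(0) satisfies the last clause and the function returns true.
    function _isApprovedOrOwner(address spender, uint256 tokenId)
        internal view returns (bool)
    {
        address owner = _owners[tokenId];
        require(owner != address(0), "nonexistent token");
        return spender == owner
            || _operatorApprovals[owner][spender]
            || _tokenApprovals[tokenId] == spender;
    }

    // ecrecover returns address(0) when no signer can be recovered from (v, r, s).
    function _recoverSigner(bytes32 digest, uint8 v, bytes32 r, bytes32 s)
        internal pure returns (address)
    {
        return ecrecover(digest, v, r, s);
    }

    // Single wrapper for every signature check: reject the zero signer first,
    // then run the approval check, so the guard is not copy/pasted per call site.
    function _requireAuthorizedSigner(
        bytes32 digest, uint8 v, bytes32 r, bytes32 s, uint256 tokenId
    ) internal view returns (address signer) {
        signer = _recoverSigner(digest, v, r, s);
        require(signer != address(0), "invalid signature");
        require(_isApprovedOrOwner(signer, tokenId), "signer not owner nor approved");
    }
}
```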