elie222
commented
2 years ago I'm not sure the blacklist solves the issue :( If owner mints 100, transfers them all to owner2, then owner2 refunds. owner2 receives 10eth and owner receives 100 nfts. And they can keep repeating.
We just merged in a PR to tackle this issue here: https://github.com/exo-digital-labs/ERC721R/pull/9
Happy to hear your thoughts.
should be prohibited refundAddress call refund