search

hats-finance / Tapioca-0xe0b920d38a0900af3bab7ff0ca0af554129f54ad

4 stars 4 forks source link

Аdditional verification is missing in `isApprovedOrOwner` function #25

Open hats-bug-reporter[bot] opened 6 months ago

hats-bug-reporter[bot] commented 6 months ago

Github username: @Jelev123 Twitter username: zhulien_zhelev Submission hash (on-chain): 0xc35a88f5f3afd660e8195fd0a25c5c6b700c9d1f0e57572cac7c0abaab029e88 Severity: medium

Description: Description\ In isApprovedOrOwner function in oTAP.sol is missing check for isERC721Approved(_ownerOf(_tokenId), _spender, address(this), _tokenId); as done in this function

  1. Proof of Concept (PoC) File 
    function isApprovedOrOwner(address _spender, uint256 _tokenId) external view returns (bool) {
    return _isApprovedOrOwner(_spender, _tokenId);
}

*Recommendation

Do the extra check

function isApprovedOrOwner(address _spender, uint256 _tokenId) external view returns (bool) {
        return _isApprovedOrOwner(_spender, _tokenId)
            || isERC721Approved(_ownerOf(_tokenId), _spender, address(this), _tokenId);
    }
maarcweiss commented 5 months ago

Hi! We said we were not going to reward lows, but we are going to reward you with 150 USDC as a token of appreciation

Jelev123 commented 5 months ago

Thank you very much for the kind gesture. I truly appreciate the recognition and the reward of 150 USDC.