shawntabrizi / substrate-collectables-workshop

A guided tutorial for building an NFT marketplace with the Polkadot SDK
https://www.shawntabrizi.com/substrate-collectables-workshop/
MIT License
232 stars 98 forks

Kitties are breedable without owners' consent #117

Closed JoshOrndorff closed 5 years ago

JoshOrndorff commented 5 years ago

The breed_kitty function does not ensure that the owners of the kitties are interested in breeding.

An attacker could breed two strangers' kitties and keep the offspring.

shawntabrizi commented 5 years ago

To me, this authorization check adds complexity where it is otherwise not very educational.

It requires extra storage items, extra functions, etc. In general, I even wanted to reduce the number of functions which make it into the final cryptokitties runtime for the main tutorial. Instead, we can look to extra sections to add these kinds of details if needed.

JoshOrndorff commented 5 years ago

Good point. This is for teaching, not for production.

todofixthis commented 5 years ago

This was added as a stretch goal in https://substrate.dev/substrate-collectables-workshop/#/3/playing-our-game?id=challenge
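
The authorization check discussed in this issue, as an added example that is not code from the workshop or from any commenter: a plain-Rust model (no FRAME pallet) in which `breed_kitty` requires the caller to own each parent or hold its owner's approval. The type names, `approve_breeding`, `may_breed` and the single-use approval rule are assumptions made for illustration.

```rust
use std::collections::{HashMap, HashSet};
type AccountId = u32; // constructed stand-ins for the runtime's types
type KittyId = u32;

#[derive(Debug, PartialEq)]
enum Error { NoSuchKitty, SameKitty, NotAuthorized }
#[derive(Default)]
struct Kitties {
    owner_of: HashMap<KittyId, AccountId>,
    // Extra storage item: (kitty, breeder) pairs approved by the kitty's owner.
    approvals: HashSet<(KittyId, AccountId)>,
    next_id: KittyId,
}

impl Kitties {
    fn mint(&mut self, owner: AccountId) -> KittyId {
        let id = self.next_id;
        self.next_id += 1;
        self.owner_of.insert(id, owner);
        id
    }
    // Extra function: only the owner may let `breeder` use the kitty.
    fn approve_breeding(&mut self, caller: AccountId, kitty: KittyId, breeder: AccountId) -> Result<(), Error> {
        let owner = *self.owner_of.get(&kitty).ok_or(Error::NoSuchKitty)?;
        if owner != caller { return Err(Error::NotAuthorized); }
        self.approvals.insert((kitty, breeder));
        Ok(())
    }
    fn may_breed(&self, caller: AccountId, kitty: KittyId) -> Result<(), Error> {
        let owner = *self.owner_of.get(&kitty).ok_or(Error::NoSuchKitty)?;
        if owner == caller || self.approvals.contains(&(kitty, caller)) { Ok(()) } else { Err(Error::NotAuthorized) }
    }
    // Both parents must be owned by the caller or approved for the caller.
    fn breed_kitty(&mut self, caller: AccountId, a: KittyId, b: KittyId) -> Result<KittyId, Error> {
        if a == b { return Err(Error::SameKitty); }
        self.may_breed(caller, a)?;
        self.may_breed(caller, b)?;
        // Consent is single-use: a successful breed consumes the approvals.
        self.approvals.remove(&(a, caller));
        self.approvals.remove(&(b, caller));
        Ok(self.mint(caller))
    }
}

fn main() {
    let mut k = Kitties::default();
    let (a, b) = (k.mint(1), k.mint(2));
    println!("{:?}", k.breed_kitty(3, a, b)); // stranger: Err(NotAuthorized)
}
```

Approvals are removed only after both parent checks pass, so a rejected call leaves existing consent untouched.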