Authorization added to approve function can be bypassed
Summary
The approve function has been limited to GOVERNANCE_COUNCIL_ROLE but the owner of the token can bypass this functionality and use setApprovalForAll function to allow spending tokens by a third-party contract.
Vulnerability Detail
The approve function has been limited to GOVERNANCE_COUNCIL_ROLE and allows setting approval for any token to any address. The owner of the token can use setApprovalForAll function and set third-party contract as an operator which will allow to bypass authorization added to approve function.
Impact
The users can use setApprovalForAll and allow any contract to spend the ERC721 tokens bypassing authorization added to approve function.
In case the approvals should be used by the users it is required to override setApprovalForAll function.
In case the it should be possible by user to manage his own approval it is recommended to implement additional function such as approveToken instead of overriding existing approve function.
r0ck3tz
medium
Authorization added to approve function can be bypassed
Summary
The
approve
function has been limited toGOVERNANCE_COUNCIL_ROLE
but the owner of the token can bypass this functionality and usesetApprovalForAll
function to allow spending tokens by a third-party contract.Vulnerability Detail
The
approve
function has been limited toGOVERNANCE_COUNCIL_ROLE
and allows setting approval for any token to any address. The owner of the token can usesetApprovalForAll
function and set third-party contract as an operator which will allow to bypass authorization added toapprove
function.Impact
The users can use
setApprovalForAll
and allow any contract to spend the ERC721 tokens bypassing authorization added toapprove
function.Code Snippet
Tool used
Manual Review
Recommendation
It is recommended to:
setApprovalForAll function
.approveToken
instead of overriding existingapprove
function.Duplicate of #243