Closed sherlock-admin closed 8 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid because { the approval is only for governance to allow them to have the ability to transfer (removeFromOffice) at any moment and not for users to do something; so it's impossible for anyone to have the approval as it's governance modifier protected.}
zzykxx
medium
removeFromOffice() does not reset _tokenApproval
Summary
The approved address for a given council member NFT is not reset when an NFT is transferred.
Vulnerability Detail
The function removeFromOffice() in CouncilMember.sol transfers an NFT to a different address but does not reset the approval given via the _tokenApproval variable.
Impact
When a council member NFT is transferred the token will be approved to the same address as before the transfer.
Code Snippet
Tool used
Manual Review
Recommendation
Reset the approval after the transfer:
Duplicate of #35
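The pattern this report describes, as an added illustration that is not code from the audited repository or from the issue author: a constructed minimal contract in which a governance-only transfer leaves the per-token approval in place, next to a variant that clears it. Only the names removeFromOffice and _tokenApproval come from the report; the contract, its other functions and the rule for who may call approve are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed model, NOT the audited CouncilMember.sol. Hypothetical names
// throughout, except removeFromOffice / _tokenApproval taken from the report.
contract CouncilModel {
    address public immutable governance;
    mapping(uint256 => address) public ownerOf;
    mapping(uint256 => address) private _tokenApproval;

    modifier onlyGovernance() {
        require(msg.sender == governance, "not governance");
        _;
    }

    constructor() {
        governance = msg.sender;
    }

    function mint(address to, uint256 tokenId) external onlyGovernance {
        require(to != address(0) && ownerOf[tokenId] == address(0), "bad mint");
        ownerOf[tokenId] = to;
    }

    // Assumption: the current holder or governance may set the approval.
    function approve(address spender, uint256 tokenId) external {
        require(msg.sender == ownerOf[tokenId] || msg.sender == governance, "not allowed");
        _tokenApproval[tokenId] = spender;
    }

    function getApproved(uint256 tokenId) external view returns (address) {
        return _tokenApproval[tokenId];
    }

    // Pattern described in the report: ownership moves, approval survives,
    // so getApproved(tokenId) still returns the pre-transfer spender.
    function removeFromOfficeStale(uint256 tokenId, address to) external onlyGovernance {
        require(ownerOf[tokenId] != address(0) && to != address(0), "bad transfer");
        ownerOf[tokenId] = to;
    }

    // Recommended pattern: clear the per-token approval with the transfer,
    // so getApproved(tokenId) returns address(0) for the new holder.
    function removeFromOfficeReset(uint256 tokenId, address to) external onlyGovernance {
        require(ownerOf[tokenId] != address(0) && to != address(0), "bad transfer");
        ownerOf[tokenId] = to;
        delete _tokenApproval[tokenId];
    }
}
```

A regression test for either variant can assert the invariant directly: after any transfer of tokenId, getApproved(tokenId) equals address(0).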