Closed sherlock-admin closed 5 months ago
The setApprovalForAll function is not operational due to other changes in the code.
```solidity
function _isAuthorized(
    address,
    address spender,
    uint256 tokenId
) internal view override returns (bool) {
    // Only a governance-council member or the single-token approvee passes;
    // the base ERC721 check of isApprovedForAll(owner, spender) is dropped.
    return (hasRole(GOVERNANCE_COUNCIL_ROLE, spender) ||
        _getApproved(tokenId) == spender);
}
```
This overrides the inherent behavior that checks for isApprovedForAll() status. _getApproved() only checks single token approvals, not ApproveAlls.
Invalid, approve() is overridden; only the governance role can give specific approvals to users, wherein Telcoin tracks approvals with a separate mapping as in ERC721, as seen here. When transferFrom()/safeTransferFrom() is invoked, the _update() function will invoke _checkAuthorized() here, which in turn invokes the protocol-overridden _isAuthorized() here with this logic here, so in fact nobody can transfer unless explicitly approved by governance.

https://github.com/telcoin/telcoin-audit/commit/0555d6d575ac9350847b50260cef73f1c2349f35

Not a valid issue, made changes here for clarity.
The protocol team fixed this issue in PR/commit https://github.com/telcoin/telcoin-audit/commit/0555d6d575ac9350847b50260cef73f1c2349f35.
The Lead Senior Watson signed off on the fix.
BAICE

high

CouncilMember NFT still supports setApprovalForAll, safeTransferFrom, transferFrom methods

Summary

CouncilMember NFT still supports setApprovalForAll, safeTransferFrom, transferFrom methods

Vulnerability Detail
The approve() function is restricted in the CouncilMember NFT contract. So, the original purpose of this CouncilMember contract is to limit approval and user transfer. We use the forge inspect tool to show all methods of the CouncilMember NFT contract. And the result shows

These are methods that users can call normally, because the CouncilMember NFT contract inherits from ERC721EnumerableUpgradeable, and there is no limit.

Impact

These functions should be limited; this does not comply with the project's purpose.
Code Snippet

https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/sablier/core/CouncilMember.sol#L18-L22

transferFrom methods: https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/blob/master/contracts/token/ERC721/ERC721Upgradeable.sol#L160-L185

https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/blob/master/contracts/token/ERC721/ERC721Upgradeable.sol#L145C1-L147C6
Tool used

Manual Review, VSCode

Recommendation

Rewrite these methods and add the necessary restrictions.
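As an added illustration of the transfer path the judge describes (not code from the Telcoin repository or from the report), a Foundry test against a stand-in contract shows that setApprovalForAll still succeeds but no longer authorizes anything, while a council-issued approve() does. The forge-std and OpenZeppelin v5 remappings, and a single `council` address standing in for GOVERNANCE_COUNCIL_ROLE, are assumptions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
// Stand-in (not the Telcoin contract) for the override quoted in the thread.
contract RestrictedNFT is ERC721 {
    address public immutable council; // plays the GOVERNANCE_COUNCIL_ROLE
    // _mint passes auth == address(0), so _update skips _checkAuthorized here.
    constructor(address council_, address firstOwner) ERC721("Council", "CM") {
        council = council_;
        _mint(firstOwner, 1);
    }
    // Only the council issues per-token approvals; auth == 0 makes OZ's _approve skip its own check.
    function approve(address to, uint256 tokenId) public override {
        require(msg.sender == council, "only council");
        _approve(to, tokenId, address(0));
    }
    // As in the thread: isApprovedForAll and even ownership are never consulted.
    function _isAuthorized(address, address spender, uint256 tokenId) internal view override returns (bool) {
        return spender == council || _getApproved(tokenId) == spender;
    }
}

contract RestrictedNFTTest is Test {
    address council = makeAddr("council");
    address alice = makeAddr("alice");
    address operator = makeAddr("operator");
    address bob = makeAddr("bob");
    RestrictedNFT nft = new RestrictedNFT(council, alice);

    // setApprovalForAll succeeds but grants nothing: transferFrom -> _update ->
    // _checkAuthorized -> the override rejects the operator.
    function test_operatorApprovalDoesNotAuthorizeTransfer() public {
        vm.prank(alice);
        nft.setApprovalForAll(operator, true);
        assertTrue(nft.isApprovedForAll(alice, operator));
        vm.prank(operator);
        vm.expectRevert(); // ERC721InsufficientApproval(operator, 1)
        nft.transferFrom(alice, bob, 1);
    }

    // Only a council-issued per-token approval lets the transfer through.
    function test_councilApprovalAuthorizesTransfer() public {
        vm.prank(council);
        nft.approve(operator, 1);
        vm.prank(operator);
        nft.transferFrom(alice, bob, 1);
        assertEq(nft.ownerOf(1), bob);
    }
}
```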