Closed iamdefinitelyahuman closed 4 years ago
In NFToken.transferFrom, _auth is set but not properly passed to _transfer:
NFToken.transferFrom
_auth
_transfer
https://github.com/iamdefinitelyahuman/ZAP-Tech/blob/62f8434e9033a930f61e3ddb968a5ecd227ef535/contracts/NFToken.sol#L565-L571
When the issuer uses transferFrom, this results in improper permission checks as well as incorrect modification of the allowed mapping.
transferFrom
allowed
The Issue
In
NFToken.transferFrom,_authis set but not properly passed to_transfer:https://github.com/iamdefinitelyahuman/ZAP-Tech/blob/62f8434e9033a930f61e3ddb968a5ecd227ef535/contracts/NFToken.sol#L565-L571
When the issuer uses
transferFrom, this results in improper permission checks as well as incorrect modification of theallowedmapping.How to Fix
_authto_transfertransferFromis called by the issuer