Closed iamdefinitelyahuman closed 4 years ago
In NFToken.transferFrom, _auth is set but not properly passed to _transfer:
NFToken.transferFrom
_auth
_transfer
https://github.com/iamdefinitelyahuman/ZAP-Tech/blob/62f8434e9033a930f61e3ddb968a5ecd227ef535/contracts/NFToken.sol#L565-L571
When the issuer uses transferFrom, this results in improper permission checks as well as incorrect modification of the allowed mapping.
transferFrom
allowed
The Issue
In
NFToken.transferFrom
,_auth
is set but not properly passed to_transfer
:https://github.com/iamdefinitelyahuman/ZAP-Tech/blob/62f8434e9033a930f61e3ddb968a5ecd227ef535/contracts/NFToken.sol#L565-L571
When the issuer uses
transferFrom
, this results in improper permission checks as well as incorrect modification of theallowed
mapping.How to Fix
_auth
to_transfer
transferFrom
is called by the issuer