Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
`ERC721_burn` transfers control of token to non(Account)
See original GitHub issueThe ERC721_burn function of the ERC721_base.cairo file attempts to clear approvals and delete the owner for a given tokenId. This attempt uses the pattern of setting the approval and owner address to be zero.
In the EVM this workflow fits in with its account model. But in this Startnet environment, functions can actually be invoked with caller the “zero” address when not routed through a contract such as Account.cairo.
This means that ERC721_burn actually makes the owner this “zero” address and now any user can seize control of this token by making calls not routed through such an Account.cairo contract.
I will push a PR promptly that should fix this issue.
Issue Analytics
- State:
- Created 2 years ago
- Comments:7 (4 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Just don’t find them ok???
If I understand this correctly, I believe we have a check for this. When
transferFromis called, it invokes_transferwhich checks that the owner is not the zero address withownerOf. See here. Thus, if you try to transfer a burned token (whose owner is0after the burn) as the zero address, the tx will still fail