Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

ERC721: static call for ownerOf function

See original GitHub issue

In the ERC721 contract, the ownerOf function is defined as virtual which allows implementations to change this function.

But invocations of this function do NOT call with virtual dispatch (i.e. they use ERC721.ownerOf).

This creates the possibility somebody will override it and it will stop working.

Proposed solutions:

  1. Remove virtual—because the ownership is tightly coupled with other implementation details. This is a “breaking change”, whatever, file this under “Will say’s it’s okay”.
  2. Use virtual dispatch (s/ERC721\.//g)—this might be inconsistent and confusing

P.S., in the past, other ERC721 functions were called without virtual dispatch and it created a security problem risk. This affects past versions of OZC. I’m not sure if those versions are still supported (see https://github.com/OpenZeppelin/openzeppelin-contracts/issues/2759). I have seen an implementation in the wild that is vulnerable as a result of this.

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:8 (8 by maintainers)

github_iconTop GitHub Comments

1reaction
frangiocommented, Oct 6, 2021

Closing this issue for reasons explained in my previous comment: “The burden of guaranteeing internal consistency [when ownerOf is overriden] is moved to the developer who wishes to override in these niche cases.”

The specific case of isApprovedForAll in Contracts 3.x is tracked in https://github.com/OpenZeppelin/openzeppelin-contracts/issues/2792.

0reactions
matthiasgeihscommented, Oct 25, 2022

Thanks @frangio for pointing out ERC721Consecutive. That was exactly what I needed. (Looks like you have included the necessary modification to ERC721 in https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3311.)

Read more comments on GitHub >

github_iconTop Results From Across the Web

why is ERC721 ownerOf function referenced differently from ...
ownerOf() called as if it were a static function while all others are referenced without referencing the contract itself (ex: getApproved )? Is ......
Read more >
ERC 721 - OpenZeppelin Docs
IERC721. Required interface of an ERC721 compliant contract. Functions. balanceOf(owner). ownerOf(tokenId). safeTransferFrom(from, to, tokenId).
Read more >
Is it possible to call a ERC20 function inside a ERC721 contract?
Error Message when transferNFT from ERC721 is called. This is my javascript file calling the functions from both contracts. // Import libraries ...
Read more >
Contract Diff Checker - Moonbeam Chain Explorer
function ownerOf (uint256 tokenId) external view returns (address owner); /** * @dev ... "Address: static call to non-contract"); (bool success, bytes memory ...
Read more >
Property-based testing of ERC-721 Ethereum smart contracts
Listing 5: ERC-721 state machine - rules. Rules. • Listing 5 exemplifies one rule for testing the transferFrom function of ERC721. The methods...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Implementing EIP-2981 (ERC721 Royalties)

Next page

Two package.json in project lack sufficient distinguishing documentation