-
Notifications
You must be signed in to change notification settings - Fork 11.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Move to != owner
check from ERC721.approval
to ERC721._approval
#4136
Comments
This may be a foolish question(very new to the space) but what exactly would be the benefit? gas or optimization ? |
… - resolves issue OpenZeppelin#4136 Updated ERC721._approve function to include a check for the owner before approval is granted. This ensures that the owner is not accidentally approved and prevents unnecessary sload calls. Moved the check from the public ERC721.approve function to the internal ERC721._approve function. Resolves issue OpenZeppelin#4136.
It's just a matter of interface consistency, we expect developers to have reasonable guarantees when they use the library. I think it's reasonable to expect this same check in both the public and internal interface. |
hey i want to work on this issue` function _approval(address owner, address to, uint256 tokenId) internal virtual { |
There are already 2 PRs for this issue. Also, the code you shared above changes the internal interface, which is not something we want. |
Made a PR, it passes all required test |
@Amxx I want to work on this issue, will you give me an overview |
@kr-meet There is a big refactor of ERC721 that is going on internally right now. IMO we should wait for that refactor to be done before changing other things, otherwize we'll multiply conflicts |
no worries, we can wait. |
In
ERC721.approve
(public) we dowe don't do it in
ERC721._approve
(internal)That means its not ok to approve the owner, unless you do it internally ? IMO the check should move from the public to the internal function. (note that there is already a call to
ERC721.ownerOf
inside the internal version, so its not like we are saving ansload
anyway)The text was updated successfully, but these errors were encountered: