Refactor ERC721 to use _update pattern

[frangio]

A simpler alternative to #4377 using:

function _update(address from, address to, uint256 tokenId) internal;

_burn now has a from argument.

Fixes LIB-628

[changeset-bot]

⚠️ No Changeset found

Latest commit: cdacda1

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes changesets to release 1 package

Name	Type
openzeppelin-solidity	Major

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[Amxx]

This function checks the approval assuming owner is correct, and if that returns false, it gets the actual owner to throw the error. So the argument is considered correct in one case, and not correct in the other ?

I'm not really confortable with that.

[frangio]

I mainly did this to get the current tests to pass, I don't know if this is necessary.

[Amxx]

I'm not a fan of having both from and tokenId in the arguments. when you say which token you want to transfer, it should be clear that its from the current owner. My worry is that devs will want to call that internally, and they'll have to get _ownerOf, just to pass it to this function, that will then check it.

[Amxx]

In particular, that is true of burn:

When you want to burn a token, you now have to get the owner using one sload, and then verify that you got the correct one by duplicating this sload.

[ernestognw]

Would this change also be needed in the EIP itself? I'm worried there's a table with definitions there that might need updating.

[frangio]

Possibly. I made this change because I found the existing names confusing.

[ernestognw]

I see how the existing names are confusing, but I'd look for a way in which the naming makes sense for all errors. Would it be clear if we rename sender completely to from?

[ernestognw]

I would push a bit for adding _unsafe* prefix. The NatSpec itself mentions its unsafe and I'm not sure if the name correctly reflects that. What do you think?

Also, why not _increaseBalance? The function gives the sense of being a getter.

[frangio]

The natspec is outdated. This function should not be described as unsafe. It will never lead to overflow.

I don't understand why updateBalance would sound like it's a getter. increaseBalance is good too, but I thought the parallel with _update made sense.

[ernestognw]

I don't understand why updateBalance would sound like it's a getter.

My bad, I meant it sounds like a setter instead, not a value increase.

increaseBalance is good too, but I thought the parallel with _update made sense.

Makes sense as long as the NatSpec correctly reflects what it does. I changed it for _increaseBalance because I'm strongly in favor of that name. We can discuss it.

[ernestognw]

I think it's a good moment to use whenNotPaused instead as suggested here

[frangio]

Personally I prefer the function call. They are functionally equivalent but the function call is visible inside the function, I just find it more explicit. I don't know if everyone feels the same though.

[ernestognw]

I prefer whenNotPaused precisely because it's less explicit (== less pervasive?).

I'm fine with the function call if we agree to keep consistency between this and ERC1155Pausable where we use the modifier instead.

[Amxx]

Why are we removing virtual from these function ?

[frangio]

Same reason for _transfer but I suppose the public functions have other considerations. Do you think they should remain virtual?

[Amxx]

yes.

Our guidelines are to make (almost) everything virtual. I'm ok to making _transfer, _mint and _burn non virtual, because they can be bypassed by calling _update directly. But apart from these 3, everything else should remain virtual IMO.

[frangio]

Closing in favor of #4377.