-
Notifications
You must be signed in to change notification settings - Fork 545
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
A security hole! #196
Comments
Great discovery, bro.
If there is any question to this fix or if just want wanna talk about technologies of blockchain, feel free to contact me |
The solution above is to make sure the And this is way more easy with much cleaner code: function _transfer(address _from, address _to, uint256 _tokenId) private {
ownerZombieCount[_to] = ownerZombieCount[_to].add(1);
ownerZombieCount[msg.sender] = ownerZombieCount[msg.sender].sub(1);
zombieToOwner[_tokenId] = _to;
// This is where we add:
delete zombieApprovals[_tokenId];
// That's it! Only one line code to make sure the any previous approval info about this token is gone.
Transfer(_from, _to, _tokenId);
}
We also need to add this line The idea was made by cryptokitties.co The original code below: /// @dev Assigns ownership of a specific Kitty to an address.
function _transfer(address _from, address _to, uint256 _tokenId) internal {
// Since the number of kittens is capped to 2^32 we can't overflow this
ownershipTokenCount[_to]++;
// transfer ownership
kittyIndexToOwner[_tokenId] = _to;
// When creating new kittens _from is 0x0, but we can't account that address.
if (_from != address(0)) {
ownershipTokenCount[_from]--;
// once the kitten is transferred also clear sire allowances
delete sireAllowedToAddress[_tokenId];
// clear any previously approved ownership exchange
delete kittyIndexToApproved[_tokenId];
}
// Emit the transfer event.
Transfer(_from, _to, _tokenId);
} Don't forget to thumps up! 👍 👍 💯 💯 👍 👍 |
I think it works just adding |
@euglena Ha. Yes. |
Hello Loom team,
I like your course very much. Thanks. But I found a security hole in this code which could probably cause fatal problems in an application.
Look at the code in Lesson 5 Chapter 8.
Imagine there are 3 persons: A, B and C. A owned a zombie. First, A approved that zombie to B, and then A transferred it to C in an exchange. What if B executed "takeOwnership" of the same zombie after that? Yes! He/she would succeed and got ownership of it! And poor C lost his/her zombie without knowing why....
We should add some code to cancel the approval of the zombie in the same time it is transferred.
The text was updated successfully, but these errors were encountered: