Omniscia LimeChain Audit

WrappedERC721 Manual Review Findings

WER-01M: Potentially Insecure Burn Operation

Type: Logical Fault
Severity: Medium
Location: WrappedERC721.sol:L40-L44

Description:

The burn function exposed by the WrappedERC721 implementation can lead to complications in the cross-chain component: an NFT may be locked on one chain, released as a wrapped NFT on another, and then burned outside of the Hashport system, causing the original to be permanently locked.

Example:

contracts/WrappedERC721.sol (L40-L44)

    function burn(uint256 tokenId) public virtual override {
        super.burn(tokenId);

        delete _metadata[tokenId];
    }

Recommendation:

We advise that this trait of the system be assessed and, if it is deemed undesirable, that only the ERC721PortalFacet be allowed to burn NFT instances.

Alleviation:

The burn function was made invocable solely by the owner of the contract via the onlyOwner modifier, thereby alleviating this exhibit.
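
The alleviation described above, as an added sketch that is not the project's own code. It assumes OpenZeppelin Contracts 4.x parents (ERC721Burnable and Ownable), a hypothetical contract name and mint function, and that the contract owner is the bridge contract hosting the ERC721PortalFacet.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumption: OpenZeppelin Contracts 4.x. The audited contract's real
// parents are not shown on the page.
import "@openzeppelin/contracts/token/ERC721/extensions/ERC721Burnable.sol";
import "@openzeppelin/contracts/access/Ownable.sol";

// Hypothetical name, chosen to avoid implying this is the audited contract.
contract WrappedERC721Sketch is ERC721Burnable, Ownable {
    mapping(uint256 => string) private _metadata;

    constructor(string memory name_, string memory symbol_)
        ERC721(name_, symbol_)
    {}

    // Hypothetical mint entry point: only the owner (assumed to be the
    // bridge) can create wrapped tokens for NFTs locked on the other chain.
    function mint(address to, uint256 tokenId, string memory metadata)
        external
        onlyOwner
    {
        _metadata[tokenId] = metadata;
        _mint(to, tokenId);
    }

    // Hardened burn: holders can no longer destroy the wrapped token outside
    // the bridge flow, so a burn always coincides with a bridge operation
    // that can release the original on the source chain.
    function burn(uint256 tokenId) public virtual override onlyOwner {
        // ERC721Burnable.burn still checks that msg.sender is the token
        // owner or approved for tokenId, so both checks must pass.
        super.burn(tokenId);

        delete _metadata[tokenId];
    }
}
```

Because `super.burn` keeps its token-level authorization check under these assumptions, the holder has to approve the contract owner for the token (or transfer it to the owner) before the bridge can burn it.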