Omniscia MetaSoccer Audit
MetaSoccerScouting Manual Review Findings
MSS-01M: Non-Standard Usage of ERC721 Functions
Type | Severity | Location |
---|---|---|
Logical Fault | | MetaSoccerScouting.sol:L320, L322, L348 |
Description:
The `_startScouting` function will allow the `_owner` of an existing scouting operation to react, as it invokes the `_safeTransfer` function when transferring the scouting to the `_owner`; however, a direct `_mint` operation is performed when the scouting is newly created.
Example:
```solidity
if (_exists(_scoutId)) { // L319
    _safeTransfer(address(this), _owner, _scoutId, ""); // L320
} else { // L321
    _mint(_owner, _scoutId); // L322
} // L323
```
Recommendation:
We advise behaviour to be streamlined in both instances and the non-reactive `_transfer` to be utilized in place of `_safeTransfer`, disallowing re-entrancies and allowing traditional wallets to interact with the contract. Additionally, we advise the last linked `safeTransferFrom` function invocation to be revised to a direct `transferFrom`, ensuring non-smart contract wallets can interact properly with the system.
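The difference between the two branches, as an added sketch that is not the project's code: `ScoutingSketch`, `seed`, the `reactive` flag, `inProgress` and `CallbackProbe` are hypothetical names, and OpenZeppelin Contracts 4.x is assumed. With `reactive` set and a `CallbackProbe` as recipient of an existing token, the probe records a callback while `inProgress` is still true; the `_transfer` and `_mint` paths never call it.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; assumes OpenZeppelin Contracts 4.x (which provides _exists).
import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";

// Hypothetical reduction of the two branches quoted in the finding (test fixture only).
contract ScoutingSketch is ERC721 {
    bool public inProgress; // true while startScouting is still executing

    constructor() ERC721("Sketch", "SK") {}

    // Puts an existing token into the contract's own custody, as in the audited flow.
    function seed(uint256 scoutId) external {
        _mint(address(this), scoutId);
    }

    function startScouting(address owner_, uint256 scoutId, bool reactive) external {
        inProgress = true;
        if (_exists(scoutId)) {
            if (reactive) {
                // Audited form: hands control to a contract recipient mid-call.
                _safeTransfer(address(this), owner_, scoutId, "");
            } else {
                // Recommended form: no recipient callback.
                _transfer(address(this), owner_, scoutId);
            }
        } else {
            _mint(owner_, scoutId); // never calls the recipient
        }
        inProgress = false;
    }
}

// Recipient that records whether it was handed control before the call finished.
contract CallbackProbe is IERC721Receiver {
    bool public calledBack;
    bool public sawInProgress;

    function onERC721Received(address, address, uint256, bytes calldata)
        external override returns (bytes4)
    {
        calledBack = true;
        sawInProgress = ScoutingSketch(msg.sender).inProgress();
        return IERC721Receiver.onERC721Received.selector;
    }
}
```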
Alleviation:
A direct `_transfer` invocation is now utilized in the first instance; however, in the second linked instance the `safeTransferFrom` function remains utilized, thereby partially alleviating this exhibit.