Omniscia Arcade XYZ Audit

ERC721Permit Manual Review Findings

ERC-01M: Potential Deviation of Standard

Description:

The EIP-721 standard dictates that an IERC721::approve operation should fail if the msg.sender is neither the owner nor an authorized operator of the owner. The latter of the two is not evaluated in the ERC721Permit::permit function.

Impact:

As the Arcade XYZ team may wish to restrict the ERC721Permit::permit functionality solely to the token owner, the current behaviour may be correct.

We advise the Arcade XYZ team to evaluate this exhibit and take appropriate action, either by documenting the referenced line or by adjusting it to be more flexible, and we will adjust the severity accordingly.

Example:

contracts/nft/ERC721Permit.sol
function permit(
    address owner,
    address spender,
    uint256 tokenId,
    uint256 deadline,
    uint8 v,
    bytes32 r,
    bytes32 s
) public virtual override {
    if (block.timestamp > deadline) revert ERC721P_DeadlineExpired(deadline);
    // Only the token owner itself is accepted here; an operator approved via
    // setApprovalForAll is rejected, unlike in IERC721::approve.
    if (owner != ERC721.ownerOf(tokenId)) revert ERC721P_NotTokenOwner(owner);

Recommendation:

We advise that the code potentially evaluate whether the owner specified is an authorized member of the token's actual owner via an ERC721::isApprovedForAll check.
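
One way the recommended check could look, as an added sketch that is not Arcade XYZ's code and not the code of the referenced commit. The contract name PermitAuthSketch, the helper _digest and the error names are hypothetical; ownerOf, isApprovedForAll and _approve are assumed to come from the ERC-721 implementation the sketch is mixed into.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added illustration only. Hypothetical names: PermitAuthSketch, _digest,
// DeadlineExpired, NotOwnerOrOperator, InvalidSignature.
abstract contract PermitAuthSketch {
    error DeadlineExpired(uint256 deadline);
    error NotOwnerOrOperator(address signer);
    error InvalidSignature(address signer);

    // Provided by the ERC-721 implementation this sketch is combined with.
    function ownerOf(uint256 tokenId) public view virtual returns (address);
    function isApprovedForAll(address owner, address operator)
        public view virtual returns (bool);
    function _approve(address to, uint256 tokenId) internal virtual;

    // Assumption: returns the EIP-712 digest over
    // (owner, spender, tokenId, nonce, deadline) and consumes the signer's nonce.
    function _digest(address owner, address spender, uint256 tokenId, uint256 deadline)
        internal virtual returns (bytes32);

    function permit(
        address owner,
        address spender,
        uint256 tokenId,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) public virtual {
        if (block.timestamp > deadline) revert DeadlineExpired(deadline);

        // Same rule as IERC721::approve: the signer must be the token owner
        // OR an operator the token owner approved for all of its tokens.
        address tokenOwner = ownerOf(tokenId);
        if (owner != tokenOwner && !isApprovedForAll(tokenOwner, owner))
            revert NotOwnerOrOperator(owner);

        // ecrecover yields address(0) for a malformed signature; reject it
        // explicitly so it can never match a zero `owner` argument.
        address recovered = ecrecover(_digest(owner, spender, tokenId, deadline), v, r, s);
        if (recovered == address(0) || recovered != owner) revert InvalidSignature(owner);

        _approve(spender, tokenId);
    }
}
```

The authorization check is placed before signature recovery so that a signer with no rights over the token is rejected regardless of whether the signature itself is valid.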

Alleviation (7a4e1dc948e94ded7385dbb74818bcf93ecc207c):

The Arcade XYZ team adjusted the functionality of the ERC721Permit::permit function to properly comply with the standard and evaluate whether the payload's signer is approved for all on behalf of the token's owner, alleviating this exhibit in full.