
Function: restrict(address tokenContract, uint256[] tokenIds)

Given a token contract and list of IDs, marks them as restricted.

Inputs

  • tokenContract

    • Control: Fully controllable by caller.

    • Constraints: Must successfully receive calls to exists.

    • Impact: The contract must be able to check if a token exists.

  • tokenIds

    • Control: Fully controllable by caller.

    • Constraints: Must be non-empty.

    • Impact: N/A.

Branches and code coverage (including function calls)

Intended branches

  • Properly restricts tokens if each token is valid and not restricted.

Negative behavior

  • Reverts if the tokenIds list is empty.

  • Reverts if any of the tokens does not exist in the given contract.

  • Reverts if any of the tokens is already restricted.

  • Reverts if the caller is not a restrictor.

Function call analysis

  • restrict -> ERC721Restrictable(tokenContract).exists

    • What is controllable? The target contract and the token ID.

    • If the return value is controllable, how is it used and how can it go wrong? It is used to check if the token exists.

    • What happens if it reverts, reenters, or does other unusual control flow? The function will revert.
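
A minimal Solidity sketch of the checks listed above, added here as an illustration; it is not the audited contract's code. The names IExists and RestrictSketch, the isRestrictor mapping, the custom errors, the order of the checks, and the view modifier on exists are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed interface: only the exists call is named in the report.
interface IExists {
    function exists(uint256 tokenId) external view returns (bool);
}

contract RestrictSketch {
    error NotRestrictor(address caller);
    error EmptyTokenIds();
    error TokenDoesNotExist(address tokenContract, uint256 tokenId);
    error AlreadyRestricted(address tokenContract, uint256 tokenId);

    // Hypothetical role store; the real access-control mechanism is not shown in the report.
    mapping(address => bool) public isRestrictor;
    // tokenContract => tokenId => restricted flag
    mapping(address => mapping(uint256 => bool)) public restricted;

    constructor() {
        isRestrictor[msg.sender] = true;
    }

    function restrict(address tokenContract, uint256[] calldata tokenIds) external {
        // Negative behavior: caller is not a restrictor.
        if (!isRestrictor[msg.sender]) revert NotRestrictor(msg.sender);
        // Negative behavior: empty tokenIds list.
        if (tokenIds.length == 0) revert EmptyTokenIds();

        for (uint256 i = 0; i < tokenIds.length; i++) {
            uint256 id = tokenIds[i];
            // External call into a caller-chosen address. Because exists is
            // declared view here, the compiler emits STATICCALL, so the callee
            // cannot modify state during the call. A revert in the callee, or
            // a target with no code, bubbles up and reverts the whole call.
            if (!IExists(tokenContract).exists(id)) {
                revert TokenDoesNotExist(tokenContract, id);
            }
            // Also rejects a duplicate ID inside the same tokenIds array:
            // its second occurrence finds the flag already set.
            if (restricted[tokenContract][id]) {
                revert AlreadyRestricted(tokenContract, id);
            }
            restricted[tokenContract][id] = true;
        }
    }
}
```

Because any failing check reverts, a batch is all-or-nothing: no token in tokenIds ends up restricted unless every one passes.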

Zellic © 2025