Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Singularity>Discussion>Confusing argument order
GeneralOverview
Findings
Critical (8)
High (3)
Medium (5)
Low (3)
Informational (5)
DiscussionSome specifications are inaccurateMiMC hash-length extension attackBN254 security levelReturn value of `uniswapLiquidityProvision`Assumption on non-fungible position identifiersRemoved Uniswap positions are keptGas saving in MerkleTreeOperatorGas savings and specification of Mimc254Confusing argument orderCentralization risks
Audit ResultsSummary

Confusing argument order in ERC721AssetPool approve

The ERC721AssetPool contract's approve function is implemented as follows:

function approve(
    address nft,
    uint256 tokenId,
    address to
) external onlyAssetManger transferNotLocked {
    require(
        IERC721(nft).ownerOf(tokenId) == address(this),
        "ERC721AssetPool: NFT does not belong to asset pool"
    );

    IERC721(nft).approve(to, tokenId);
}

The argument order of tokenId and to is unusual here, as normally, as can be seen in the last line of the function body, the recipient is listed before the token ID or amount. This could cause confusion in code calling this function. In the current codebase, this function does not appear to be used so far.

Singularity removed this function in .

Zellic © 2024Back to top ↑