Comments (8)
cygaar
commented on July 4, 2024
3
Agree with @ahbanavi here, implementing contracts should handle reentrancy. We want to stick as close as possible to the original ERC721 implementation
from erc721a.
cygaar
commented on July 4, 2024
3
Hmm that's a good point, however I think we want to err on the safe side and not make any assumptions on this: "In most cases, if a contract can receive one token, it can receive all". If the community feels strongly about only checking onERC721Received at the end of the batch we can revisit this. Feel free to open a separate issue for that so we can close this one out @jpegdigital
from erc721a.
ahbanavi
commented on July 4, 2024
2
I think the implementing contracts should handle reentrancy, as many contracts (like Azuki) block minting from other contracts in the first place and therefore there's no reentrancy problem (correct me if I'm wrong).
So a warning in _safeMint specs or in the docs I think is enough, and we should keep ERC721A implementation close to the original.
from erc721a.
jpegdigital
commented on July 4, 2024
In terms of solutions/alternatives, I've been thinking of three options for my project:
- Remove _safeMint() all together as handing off control to another contract is risky in this 2022 minting environment.
- Call _checkOnERC721Received() only once for the final token (ensures state is fully updated). Or maybe creating a new _checkOnERC721ReceivedBatch standard.
- Ignore and advise implementing contracts to use reentrancy blockers.
from erc721a.
Vectorized
commented on July 4, 2024
Good points. Looks like balance and the number minted can become inconsistent.
Perhaps a simple check like this could help:
uint256 startTokenId = _currentIndex;
...
for (uint256 i; i < quantity; i++) {
...
}
// Prevents reentrancy
if (safe && _currentIndex != startTokenId) revert();
_currentIndex = updatedIndex;The compiler could optimize it away if safe is always false, but otherwise the gas overhead should be minimal.
from erc721a.
jpegdigital
commented on July 4, 2024
What do y'all think about calling _checkOnERC721Received() only once then at the end of the batch? It could be called with start tokenId (or end) and pass the quantity via the _data parameter?
Thoughts on why this would be appropriate:
- Ensures contract state is consistent before handing off control.
- EIP-721 states
The ERC721 smart contract calls this function on the recipient after a transferwhich could be interpreted to be called just once during a batch. - Main purpose of
safefunctions is to ensure receiving contracts can handle NFTs and won't be permanently lost. In most cases, if a contract can receive one token, it can receive all.
from erc721a.
kyokosdream
commented on July 4, 2024
We followed @cygaar suggestion and added OZ re-entrancy guard to applicable functions in our contract which implements ERC721A. I agree that this should not be included in ERC721A. ERC721A is designed to add a batch minting API to ERC721 and remove unnecessary gas consumption caused by ERC721Enumerable.
EDIT: I've learned more about the difference between _safeMint and _mint and am swapping our calls from the former to the latter and will wait for the #131 pull to be merged.
from erc721a.
Vectorized
commented on July 4, 2024
Fixed in #131 . Can be closed.
from erc721a.
Related Issues (20)
- Broken link in about this project section?
- expose internal method for checking whether an address is authorized to act on behalf of an nft
- ERC721A Contracts Classified as ERC-20 Tokens in Etherscan HOT 2
- Batch burning with ERC721ABurnable implementation HOT 1
- I cannot compile my contract with hardhat
- Incorrect Twitter Link (twitter.com/AzukiOfficial > twitter.com/Azuki)
- OK, I'll give it a try. HOT 1
- fail mint in other contract HOT 1
- Please help me ERC721A team. I'm stuck on infinite loading in my current deployment with Hardhat....
- Please support ERC4906
- We were not able to estimate gas. There might be an error in the contract and this transaction may fail
- ERC721A interface id
- Precalculate TokenIds? HOT 1
- add support for ERC165 HOT 1
- Need a way to dynamically set value for `_startTokenId` in constructor HOT 6
- How can i add royaltyInfo? HOT 1
- Why is value of `_tokenApprovals` mapping a struct with one parameter instead simply an address? HOT 2
- How may not be clean upper bits of `from` address in `transferFrom` function? HOT 2
- What is the purpose of this function on L911? HOT 2
- is there an IERC721Enumerable implementation ? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from erc721a.