However, the approve() will revert if: msg.sender is not the owner and (ownerToOperators[owner])[msg.sender] returns false.
File: VotingEscrow.sol
501: function approve(address _approved, uint256 _tokenId) public {
/***/
507: // Check requirements
508: bool senderIsOwner = (owner == msg.sender);
509: bool senderIsApprovedForAll = (ownerToOperators[owner])[msg.sender];
510:
511: require(senderIsOwner || senderIsApprovedForAll, "sender is not owner or approved");
Impact Details
The owner sets both the NFTs approve() to the user. however, he cannot call merge() successfully.
References
non
Proof of Concept
Foundry PoC:
Please copy the following POC in VotingEscrow.t.sol
function test_poc() public {
uint256 tokenId1 = createVeAlcx(admin, TOKEN_1, MAXTIME, false);
uint256 tokenId2 = createVeAlcx(admin, TOKEN_100K, MAXTIME / 2, false);
hevm.startPrank(admin);
// Vote to trigger flux accrual
hevm.warp(newEpoch());
address[] memory pools = new address[](1);
pools[0] = alETHPool;
uint256[] memory weights = new uint256[](1);
weights[0] = 5000;
voter.vote(tokenId1, pools, weights, 0);
voter.vote(tokenId2, pools, weights, 0);
voter.distribute();
hevm.warp(newEpoch());
// Reset to allow merging of tokens
voter.reset(tokenId1);
//voter.reset(tokenId2); No needs
veALCX.approve(beef, tokenId1);
veALCX.approve(beef, tokenId2);
hevm.stopPrank();
hevm.prank(beef);
hevm.expectRevert(abi.encodePacked("sender is not owner or approved"));
veALCX.merge(tokenId1, tokenId2);
}
Test result:
Ran 1 test for src/test/VotingEscrow.t.sol:VotingEscrowTest
[PASS] test_poc() (gas: 4059754)
Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 93.81s (68.85s CPU time)
Ran 1 test suite in 96.06s (93.81s CPU time): 1 tests passed, 0 failed, 0 skipped
(1 total tests)
