Restrict ERC721Wrapper wrap by direct transfer (#4043)

Co-authored-by: Hadrien Croubois <hadrien.croubois@gmail.com>
2023-02-14 14:47:07 -06:00
parent 5a00628ed3
commit 2c711d0b05
2 changed files with 9 additions and 47 deletions
--- a/contracts/token/ERC721/extensions/ERC721Wrapper.sol
+++ b/contracts/token/ERC721/extensions/ERC721Wrapper.sol
@ -17,10 +17,6 @@ import "../utils/ERC721Holder.sol";
 abstract contract ERC721Wrapper is ERC721, ERC721Holder {
    IERC721 private immutable _underlying;

-    // Kept as bytes12 so it can be packed with an address
-    // Equal to 0xb125e89df18e2ceac5fd2fa8
-    bytes12 public constant WRAPPER_ACCEPT_MAGIC = bytes12(keccak256("WRAPPER_ACCEPT_MAGIC"));
-
    constructor(IERC721 underlyingToken) {
        _underlying = underlyingToken;
    }
@ -29,7 +25,7 @@ abstract contract ERC721Wrapper is ERC721, ERC721Holder {
     * @dev Allow a user to deposit underlying tokens and mint the corresponding tokenIds.
     */
    function depositFor(address account, uint256[] memory tokenIds) public virtual returns (bool) {
-        bytes memory data = abi.encodePacked(WRAPPER_ACCEPT_MAGIC, account);
+        bytes memory data = abi.encodePacked(account);

        uint256 length = tokenIds.length;
        for (uint256 i = 0; i < length; ++i) {
@ -61,23 +57,22 @@ abstract contract ERC721Wrapper is ERC721, ERC721Holder {
     * @dev Overrides {IERC721Receiver-onERC721Received} to allow minting on direct ERC721 transfers to
     * this contract.
     *
-     * In case there's data attached, it validates that the sender is aware of this contract's existence and behavior
-     * by checking a magic value (`WRAPPER_ACCEPT_MAGIC`) in the first 12 bytes. If it also matches, the rest 20
-     * bytes are used as an address to send the tokens to.
+     * In case there's data attached, it validates that the operator is this contract, so only trusted data
+     * is accepted from {depositFor}.
     *
     * WARNING: Doesn't work with unsafe transfers (eg. {IERC721-transferFrom}). Use {ERC721Wrapper-_recover}
     * for recovering in that scenario.
     */
    function onERC721Received(
-        address,
+        address operator,
        address from,
        uint256 tokenId,
        bytes memory data
    ) public override returns (bytes4) {
        require(address(underlying()) == _msgSender(), "ERC721Wrapper: caller is not underlying");
        if (data.length > 0) {
-            require(data.length == 32 && WRAPPER_ACCEPT_MAGIC == bytes12(data), "ERC721Wrapper: Invalid data format");
-            from = address(bytes20(bytes32(data) << 96));
+            require(data.length == 20 && operator == address(this), "ERC721Wrapper: Invalid data format");
+            from = address(bytes20(data));
        }
        _safeMint(from, tokenId);
        return IERC721Receiver.onERC721Received.selector;