- Check: `pess-nft-approve-warning`
- Severity: Medium
- Confidence: Low
The detector reports contracts that call `erc721.[safe]TransferFrom(from, ...)` or `erc1155.safe[Batch]TransferFrom(from, ...)` where the `from` parameter is not related to `msg.sender`.

An attacker can steal any NFT approved to the contract, because `transferFrom` only checks that the caller (here, the contract) is approved for the token; it does NOT check that the account triggering the call is the token's owner.
Unauthorized transfer_from Vulnerability
Make sure that in `erc721.[safe]TransferFrom(from, ...)` and `erc1155.safe[Batch]TransferFrom(from, ...)` calls the `from` parameter is related to `msg.sender`.
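As an added illustration (not code from the detector, its test suite, or any audited project), a hypothetical NFT escrow in both shapes: the first `deposit` takes `from` from calldata and is the pattern the detector flags; the second ties `from` to `msg.sender` as the recommendation requires. The `IERC721` import assumes OpenZeppelin contracts are available.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC721} from "@openzeppelin/contracts/token/ERC721/IERC721.sol";

// Hypothetical NFT escrow used for illustration only.
contract EscrowUnsafe {
    IERC721 public immutable nft;
    mapping(uint256 => address) public depositor;

    constructor(IERC721 nft_) { nft = nft_; }

    // Flagged by pess-nft-approve-warning: `from` comes from the caller and is
    // never tied to msg.sender. The ERC-721 contract only checks that the
    // caller of transferFrom (this escrow) is approved for the token, so once
    // a user has approved the escrow, anyone can call deposit(user, id) and
    // become the recorded depositor of the user's token.
    function deposit(address from, uint256 tokenId) external {
        nft.transferFrom(from, address(this), tokenId);
        depositor[tokenId] = msg.sender;
    }

    function withdraw(uint256 tokenId) external {
        require(depositor[tokenId] == msg.sender, "not depositor");
        delete depositor[tokenId];
        nft.transferFrom(address(this), msg.sender, tokenId);
    }
}

// Hardened version: `from` is msg.sender itself, so the escrow can only move
// a token owned by the account that sent the transaction (ERC-721 reverts
// when `from` is not the current owner).
contract EscrowSafe {
    IERC721 public immutable nft;
    mapping(uint256 => address) public depositor;

    constructor(IERC721 nft_) { nft = nft_; }

    function deposit(uint256 tokenId) external {
        nft.transferFrom(msg.sender, address(this), tokenId);
        depositor[tokenId] = msg.sender;
    }

    function withdraw(uint256 tokenId) external {
        require(depositor[tokenId] == msg.sender, "not depositor");
        delete depositor[tokenId];
        nft.transferFrom(address(this), msg.sender, tokenId);
    }
}
```

The detector's confidence is Low because a `from` value that is checked against `msg.sender` indirectly (for example, through a stored owner mapping guarded by `require`) can look unrelated to it at the call site.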