Who can toggle an NFT transfer? #1050
-
|
Hey, I'm looking for a way to withdraw a stream and transfer it to another recipient in a programmatic way, through an intermediary contract (aka Stream Management contract - see this discussion). However, this can be bypassed through a 3-step process, as follows:
With all that said, should only the stream recipient be able to transfer the NFT? If so, the workflow above should not be allowed. Otherwise, if that's not an issue, is there another way to accomplish it? Thanks! |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
|
Hi Gabriel, thanks for your question. If the user approves an operator through the ERC-721 This makes me think that maybe we should rewrite the check here to call cc @sablier-labs/solidity
No, at the moment, you would have to call the two functions separately. But, as I've said, it should be fine to modify the code to allow this behavior to be enacted through the Thanks for your feedback! |
Beta Was this translation helpful? Give feedback.
-
|
Hi Paul, Thanks for your prompt answer. That make sense!
That's what I was going to ask & propose next. Thanks again! |
Beta Was this translation helpful? Give feedback.
-
|
I thank you! |
Beta Was this translation helpful? Give feedback.
Hi Gabriel, thanks for your question.
If the user approves an operator through the ERC-721
approvemethod, then it is a perfectly legitimate behavior for the operator to be able to (i) withdraw the maximum withdrawable amount from the stream and (ii) transfer the NFT.This makes me think that maybe we should rewrite the check here to call
_isCallerStreamRecipientOrApprovedinstead of checking just the recipient.cc @sablier-labs/solidity
No, at the moment, you would have to call the two functions separately. But, as I've said, it should be fine to modify the code to allow this behavior to be enacted through the
withdrawMaxAndTransferfunction direc…