The approve function contains an authorization check that uses an incorrect logical operator (logical AND), which prevents owners from approving transfers and breaks core functionality.
The approve function allows owners to approve another address to transfer. It contains the following check:
if (msg.sender != owner && !isApprovedForAll(owner, msg.sender)) revert SenderNotAuthorized();
The check above improperly uses the AND (&&) logical operator. The && operator evaluates two boolean expressions and returns true only if both sides evaluate to true. It is different from the || "logical OR" operator, where if either side is true, the overall condition will be true.
if (msg.sender != owner && !isApprovedForAll(owner, msg.sender)) revert SenderNotAuthorized();
checks:
If msg.sender is NOT the owner
AND if msg.sender is NOT an approved operator
The issue is that an owner will not be an approved operator for what they own. So, when an owner calls the approve function:
msg.sender != owner -> FALSE (msg.sender is owner)
!isApprovedForAll -> TRUE (owner not approved)
With &&, one TRUE side means the overall condition is TRUE. This would incorrectly revert.
The approve function is uncallable, as it will always revert.
Manual review
if (msg.sender != owner || !isApprovedForAll(owner, msg.sender)) revert SenderNotAuthorized();
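An added example, not part of the original finding or the audited code: a Python model of the quoted guard, evaluated for three constructed callers (the owner, an approved operator, an unrelated address) under both && and ||, so the revert outcome for each caller can be read off directly. The addresses and helper names are assumptions made for the illustration.

```python
from itertools import product

# Constructed sample addresses (not taken from the audited contract).
OWNER = "0xOwner"
OPERATOR = "0xOperator"
STRANGER = "0xStranger"


def is_approved_for_all(owner, sender, operators):
    """Model of isApprovedForAll(owner, sender): a lookup in a set of pairs."""
    return (owner, sender) in operators


def reverts(sender, owner, operators, op):
    """Return True when the guard condition holds, i.e. approve() would revert."""
    not_owner = sender != owner                                   # msg.sender != owner
    not_operator = not is_approved_for_all(owner, sender, operators)
    if op == "&&":
        return not_owner and not_operator
    if op == "||":
        return not_owner or not_operator
    raise ValueError(f"unknown operator: {op}")


def outcome_table():
    """Evaluate the guard for every (caller role, operator) combination."""
    operators = {(OWNER, OPERATOR)}  # owner has approved OPERATOR for all tokens
    callers = {"owner": OWNER, "operator": OPERATOR, "stranger": STRANGER}
    return {
        (role, op): reverts(addr, OWNER, operators, op)
        for (role, addr), op in product(callers.items(), ("&&", "||"))
    }


if __name__ == "__main__":
    for (role, op), result in sorted(outcome_table().items()):
        print(f"{role:9s} {op}  reverts={result}")
```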