DatingDapp

AI First Flight #6
Beginner Friendly, Foundry, Solidity, NFT
Submission Details
Impact: low
Likelihood: low
Invalid

Soulbound NFT Allows ERC721 Approvals, Violating Non-Delegable Design

Root + Impact

Description

  • Normal behavior:
    SoulboundProfileNFT is intended to represent a non-transferable, non-delegable identity NFT.
    Once minted, the profile should remain permanently bound to the owner address, without any form of delegated control.

  • Issue:
    Although transferability is restricted (or intended to be restricted) for this soulbound NFT, standard ERC721 approval mechanisms (approve and setApprovalForAll) remain enabled.
    This allows users to grant approvals to third parties, which is inconsistent with the non-delegable nature of soulbound identity tokens.

// Root cause: approval mechanisms are not disabled
// ERC721 default behavior remains active

// @> approve(address to, uint256 tokenId)
// @> setApprovalForAll(address operator, bool approved)

Risk

Likelihood:

  • Reason 1: Approval functions are publicly available as part of the ERC721 standard.

  • Reason 2: Any profile NFT owner can successfully call approve or setApprovalForAll at any time.

Impact:

  • Impact 1: No direct security impact: approved operators cannot transfer the token if transfer paths are properly blocked.

  • Impact 2: Design and UX inconsistency: approvals imply delegated control, which contradicts the soulbound identity model.

  • Impact 3: Integrator confusion: external systems or frontends may incorrectly assume approved operators have meaningful authority over the profile NFT.

📌 This issue does not enable fund loss, identity takeover, or state corruption.

Proof of Concept

Explanation

The contract does not override or restrict ERC721 approval functions.
As a result, approvals can be granted successfully, even though they are effectively unusable.

// Owner approves a third party
soulboundProfileNFT.approve(spender, tokenId);

// Approval succeeds, but spender cannot meaningfully act on it

This behavior is misleading for users and integrators, especially in an identity-centric soulbound design.
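
The behavior described above, as an added Foundry test that is not part of the original submission or of the DatingDapp code base. `SoulboundStandIn`, its `mint` helper and the test names are hypothetical; the sketch assumes OpenZeppelin Contracts v5 (where both `safeTransferFrom` overloads route through `transferFrom`) and the usual `forge-std` and `@openzeppelin/contracts` remappings.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";

// Hypothetical stand-in for SoulboundProfileNFT: transfers are blocked,
// approve and setApprovalForAll are inherited unchanged (assumes OpenZeppelin v5).
contract SoulboundStandIn is ERC721 {
    error SoulboundTokenCannotBeTransferred();
    constructor() ERC721("Profile", "PRF") {}

    function mint(address to, uint256 tokenId) external { _mint(to, tokenId); }

    // In OpenZeppelin v5 both safeTransferFrom overloads call transferFrom.
    function transferFrom(address, address, uint256) public pure override {
        revert SoulboundTokenCannotBeTransferred();
    }
}

contract ApprovalOnSoulboundTest is Test {
    SoulboundStandIn nft;
    address owner = makeAddr("owner");
    address spender = makeAddr("spender");
    uint256 constant TOKEN_ID = 1;

    function setUp() public {
        nft = new SoulboundStandIn();
        nft.mint(owner, TOKEN_ID);
    }

    function test_ApprovalIsRecordedButUnusable() public {
        vm.startPrank(owner);
        nft.approve(spender, TOKEN_ID);
        nft.setApprovalForAll(spender, true);
        vm.stopPrank();

        // The approval state is visible to anything reading the standard getters.
        assertEq(nft.getApproved(TOKEN_ID), spender);
        assertTrue(nft.isApprovedForAll(owner, spender));

        // The approved spender still cannot move the token.
        vm.prank(spender);
        vm.expectRevert(SoulboundStandIn.SoulboundTokenCannotBeTransferred.selector);
        nft.transferFrom(owner, spender, TOKEN_ID);
        assertEq(nft.ownerOf(TOKEN_ID), owner);
    }
}
```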

Recommended Mitigation

Disable ERC721 approval mechanisms to align the contract behavior with a true non-delegable soulbound model.

+ function approve(address, uint256) public pure override {
+ revert SoulboundTokenCannotBeTransferred();
+ }
​
+ function setApprovalForAll(address, bool) public pure override {
+ revert SoulboundTokenCannotBeTransferred();
+ }
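
Review bot: both overrides revert with SoulboundTokenCannotBeTransferred, an error that names a transfer failure although the rejected call is an approval, so a caller or frontend decoding the revert gets a misleading reason. Consider declaring a dedicated approval error next to the existing one and reverting with that in approve and setApprovalForAll. The function bodies should also be indented, and a test asserting that both calls revert would pin the intended behavior.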

This ensures the profile NFT cannot be delegated in any form and avoids misleading approval states.

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 1 day ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
