Update ERC-7578: Fix permissions on set properties

Merged by EIP-Bot.
ethereum · Sep 13, 2024 · cea07d3 · cea07d3
1 parent e5d239f
commit cea07d3
Showing 1 changed file with 21 additions and 12 deletions.
diff --git a/ERCS/erc-7578.md b/ERCS/erc-7578.md
@@ -151,14 +151,28 @@ contract ERC7578 is ERC721, IERC7578 {
     mapping(uint256 tokenId => Properties) private _properties;
 
     /**
-     * @notice Initializes the [ERC-721](./eip-721.md) dependency contract by setting a `name` and a `symbol` to the token collection
+     * @notice Initializes the name and symbol of the ERC-721 collection
      */
     constructor(string memory _name, string memory _symbol) ERC721(_name, _symbol) {}
 
+    /**
+     * @inheritdoc IERC7578
+     */
+    function getProperties(uint256 tokenId) public view override returns (Properties memory properties) {
+        properties = _properties[tokenId];
+    }
+
     /**
      * @notice Initializes the ERC-7578 properties of the `tokenId` token
+     *
+     * WARNING: This method should only be called within a function that has appropriate access control
+     * It is recommended to restrict access to trusted Externally Owned Accounts (EOAs),
+     * authorized contracts, or implement a Role-Based Access Control (RBAC) mechanism
+     * Failure to properly secure this method could lead to unauthorized modification of token properties
+     *
+     * Emits a {PropertiesSet} event
      */
-    function setProperties(uint256 tokenId, Properties calldata properties) public {
+    function _setProperties(uint256 tokenId, Properties calldata properties) internal {
         _properties[tokenId] = Properties({
             tokenIssuer: properties.tokenIssuer,
             assetHolder: properties.assetHolder,
@@ -174,16 +188,11 @@ contract ERC7578 is ERC721, IERC7578 {
         emit PropertiesSet(tokenId, _properties[tokenId]);
     }
 
-    /**
-     * @inheritdoc IERC7578
-     */
-    function getProperties(uint256 tokenId) public view override returns (Properties memory properties) {
-        properties = _properties[tokenId];
-    }
-
     /**
      * @notice Removes the properties of the `tokenId` token
-     * @param tokenId The ID of the token from which to remove the properties
+     * @param tokenId The unique identifier of the token whose properties are to be removed
+     *
+     * Emits a {PropertiesRemoved} event
      */
     function _removeProperties(uint256 tokenId) internal {
         delete _properties[tokenId];
@@ -193,7 +202,7 @@ contract ERC7578 is ERC721, IERC7578 {
     /**
      * @notice Override of the {_update} function to remove the properties of the `tokenId` token or
      * to check if they are set before minting
-     * @param tokenId The ID of the token being minted or burned
+     * @param tokenId The unique identifier of the token being minted or burned
      */
     function _update(address to, uint256 tokenId, address auth) internal virtual override returns (address) {
         address from = _ownerOf(tokenId);
@@ -210,7 +219,7 @@ contract ERC7578 is ERC721, IERC7578 {
 
 ## Security Considerations
 
-To ensure the authenticity of a token's properties, the `setProperties()` method should only be called by a trusted externally owned account (EOA) or contract. This trusted entity must verify that the properties accurately reflect the real physical attributes of the token.
+To ensure the authenticity of a token's properties, the `_setProperties()` method should only be called inside a method that is restricted to a trusted Externally Owned Account (EOA) or contract. This trusted entity must verify that the properties accurately reflect the real physical attributes of the token.
 
 ## Copyright