diff --git a/ERCS/erc-7578.md b/ERCS/erc-7578.md index fa520d71d6..9acb4fbb37 100644 --- a/ERCS/erc-7578.md +++ b/ERCS/erc-7578.md @@ -151,14 +151,28 @@ contract ERC7578 is ERC721, IERC7578 { mapping(uint256 tokenId => Properties) private _properties; /** - * @notice Initializes the [ERC-721](./eip-721.md) dependency contract by setting a `name` and a `symbol` to the token collection + * @notice Initializes the name and symbol of the ERC-721 collection */ constructor(string memory _name, string memory _symbol) ERC721(_name, _symbol) {} + /** + * @inheritdoc IERC7578 + */ + function getProperties(uint256 tokenId) public view override returns (Properties memory properties) { + properties = _properties[tokenId]; + } + /** * @notice Initializes the ERC-7578 properties of the `tokenId` token + * + * WARNING: This method should only be called within a function that has appropriate access control + * It is recommended to restrict access to trusted Externally Owned Accounts (EOAs), + * authorized contracts, or implement a Role-Based Access Control (RBAC) mechanism + * Failure to properly secure this method could lead to unauthorized modification of token properties + * + * Emits a {PropertiesSet} event */ - function setProperties(uint256 tokenId, Properties calldata properties) public { + function _setProperties(uint256 tokenId, Properties calldata properties) internal { _properties[tokenId] = Properties({ tokenIssuer: properties.tokenIssuer, assetHolder: properties.assetHolder, @@ -174,16 +188,11 @@ contract ERC7578 is ERC721, IERC7578 { emit PropertiesSet(tokenId, _properties[tokenId]); } - /** - * @inheritdoc IERC7578 - */ - function getProperties(uint256 tokenId) public view override returns (Properties memory properties) { - properties = _properties[tokenId]; - } - /** * @notice Removes the properties of the `tokenId` token - * @param tokenId The ID of the token from which to remove the properties + * @param tokenId The unique identifier of the token whose properties are to be removed + * + * Emits a {PropertiesRemoved} event */ function _removeProperties(uint256 tokenId) internal { delete _properties[tokenId]; @@ -193,7 +202,7 @@ contract ERC7578 is ERC721, IERC7578 { /** * @notice Override of the {_update} function to remove the properties of the `tokenId` token or * to check if they are set before minting - * @param tokenId The ID of the token being minted or burned + * @param tokenId The unique identifier of the token being minted or burned */ function _update(address to, uint256 tokenId, address auth) internal virtual override returns (address) { address from = _ownerOf(tokenId); @@ -210,7 +219,7 @@ contract ERC7578 is ERC721, IERC7578 { ## Security Considerations -To ensure the authenticity of a token's properties, the `setProperties()` method should only be called by a trusted externally owned account (EOA) or contract. This trusted entity must verify that the properties accurately reflect the real physical attributes of the token. +To ensure the authenticity of a token's properties, the `_setProperties()` method should only be called inside a method that is restricted to a trusted Externally Owned Account (EOA) or contract. This trusted entity must verify that the properties accurately reflect the real physical attributes of the token. ## Copyright