ERC 721: canTransfer should modify _transfer function about erc721 HOT 4 CLOSED

_transfer is a private function so it cannot be overridden or called if a contracts inherits from NFToken contract... If anyone is modifying NFToken as it is he can change anything anyway..

from erc721.

Here is my reasoning and possible bug scenarios (all of them dealing with user doing something wrong):

1. User inherits and overrides safeTransferFrom w/o adding modifiers -> open acess.
2. User inherits and adds its own specialTransfer which uses _transfer. Here he has to explicitly check for state change permissions which happen in _transfer. If he fails to do it, then we have open access again.
3. User modifies our existing implementation and does some stupid things like changing _transfer to external or other weird things.

I'm not saying this would "guard" against all stupidity but I think it's a good design if you keep permission checks coupled with the code that does states changes. Wdyt? I don't see any drawbacks but potentially we shrink surface for introducing some bugs.

from erc721.

If a user overriders safeTransferFrom he cannot call _transfer from it because it is private.. So neither 1 or 2 can happen and there is no protection for 3.

from erc721.

You're right. Just checked the docs and private functions aren't visible to derived contracts - my bad. OK, this invalidates the 1 and 2 which were the most significant ones. Closing this issue.

from erc721.