From a9217a22fb3f17eda715dd8adf9308a44ed7afdc Mon Sep 17 00:00:00 2001
From: Rob Green
Date: Tue, 29 Aug 2023 11:59:56 -0700
Subject: [PATCH] Scope transfer frontrunning fix (#3)
---
 src/PatchworkProtocol.sol | 1 +
 test/PatchworkProtocol.t.sol | 10 ++++++++++
 2 files changed, 11 insertions(+)
diff --git a/src/PatchworkProtocol.sol b/src/PatchworkProtocol.sol
index 248e3a7..62584eb 100644
--- a/src/PatchworkProtocol.sol
+++ b/src/PatchworkProtocol.sol
@@ -46,6 +46,7 @@ contract PatchworkProtocol {
 function transferScopeOwnership(string calldata scopeName, address newOwner) public {
 Scope storage s = _scopes[scopeName];
 require(msg.sender == s.owner, "not authorized");
+ require(newOwner != address(0), "not allowed");
 s.owner = newOwner;
 }
diff --git a/test/PatchworkProtocol.t.sol b/test/PatchworkProtocol.t.sol
index 463e1ce..d57d60e 100644
--- a/test/PatchworkProtocol.t.sol
+++ b/test/PatchworkProtocol.t.sol
@@ -220,6 +220,16 @@ contract PatchworkProtocolTest is Test {
 prot.batchAssignNFT(fragmentAddresses, fragments, address(testPatchLiteRefNFT), fragmentTokenId2);
 }
+ function testScopeTransferCannotBeFrontrun() public {
+ address maliciousActor = address(120938);
+ // A malicious actor attempts to preconfigure and transfer a scope to 0 so an unsuspecting actor claims it but it already has operators preconfigured
+ vm.startPrank(maliciousActor);
+ prot.claimScope("foo");
+ prot.addOperator("foo", address(4));
+ vm.expectRevert("not allowed");
+ prot.transferScopeOwnership("foo", address(0));
+ }
+
 function testUserAssignNFT() public {
 uint256 testBaseNFTTokenId = testBaseNFT.mint(userAddress);
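Review bot: The new zero-address guard in `transferScopeOwnership` (src/PatchworkProtocol.sol) carries no comment saying why `address(0)` is special; the reason is only stated in the test's comment in the other file. Presumably a scope whose owner is zero counts as unclaimed, so transferring to zero would release it with its operators still configured. If that is right, I would record it next to the check, e.g. `// owner == address(0) means unclaimed; a scope must never be released with operators still set`. The guard closes only the zero-address route: as far as this hunk shows, operators added by the previous owner also survive an ordinary transfer to a non-zero `newOwner`. It is worth confirming that inheriting them is intended, or documenting that a receiving owner must review the operator list.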