audit of the ERC721R

0xGuard has performed an audit of the ERC721R implementation of the NFT standard ERC721

ERC721R is an implementation of the NFT standard ERC721. The official documentation lists several benefits for choosing this version over others. And the main one is improved security.
While NFT market has been plagued with external and internal attacks on NFT creators and holders. ERC721R takes into account one of the most prominent type of attacks and proposes a solution to the problem.
First and foremost, we have to note that the implementation in question is the ERC712R by Exo digital labs, and not the ERC721R.

The latter version mints tokens with pseudo-random IP addresses which resulted in an exploit because of an non-secure random usage.
The ERC712R repository that’s being reviewed here, adds a refund option. With the goal of adding this feature to both the ERC721 and ERC1155 standards.
According to the implementation documentation, refund is one of the elements of bringing accountability to the NFT ecosystem and a way to protect users from rugpulls. The refund system added to this version of the standard is trustless.
After minting an NFT in a collection created with ERC721R, the funds are held in escrow by the smart contract. As long as the funds remain in escrow, they can’t be withdrawn by the NFT creator. During this time, the buyer can return the NFT and get their money back. 
In case a rugpull happens, the buyers can receive a full refund minus the gas transaction costs, if the waiting period isn’t over.

During the audit we’ve discovered 3 low severity issues related to gas optimization recommendations, parameter validation and recommendations on event usage.

0xGuard specializes in auditing various smart contracts and standard implementations related to the decentralized market.