claimForgottenParcel allows anyone to steal "forgotten" parcels

Question

Closed this issue 7 years ago · 1 comments

I am still new to Solidity so forgive me if I missed something obvious but....

In LAND.sol -> claimForgottenParcel there is no verification other than that the token is already owned and it hasn't been pinged in over a year.

Anyone can claim forgotten tokens for free? Or is it supposed to "require(msg.sender == claimContract);"?

Answer 1 · 2017-10-03T22:46:58.000Z

Thanks! Yes, require(msg.sender == claimContract) as you suggested is the way to go!