Version affected: v3.0.0
Deployment version: CMTAT Allowlist
Severity: Low
Fix: v3.1.0
Reported by: Certik
In the CMTATBaseAllowlist contract, the canTransfer() and canTransferFrom() functions validate whether a token
transfer meets the required conditions and can be executed.
Based on the execution flow of these functions, _canTransferGenericByModule function calls the _canMintBurnByModule
function from the ValidationModuleAllowlist contract, which first checks the contract’s allow list status and then invokes
the ValidationModule contract to validate the user’s frozen status and the contract’s paused status.
In the CMTATBaseAllowlist contract, the
canTransfer()andcanTransferFrom()functions validate whether a tokentransfer meets the required conditions and can be executed.
Based on the execution flow of these functions,
_canTransferGenericByModulefunction calls the_canMintBurnByModulefunction from the
ValidationModuleAllowlistcontract, which first checks the contract’s allow list status and then invokesthe ValidationModule contract to validate the user’s frozen status and the contract’s paused status.