From f979658d420c1ca822be048a18681e3510c2f81d Mon Sep 17 00:00:00 2001
From: jtfirek <firekjt@gmail.com>
Date: Tue, 8 Oct 2024 17:10:04 -0500
Subject: [PATCH] _beforeTokenTransfer auditor suggestion

---
 src/WithdrawRequestNFT.sol    |  9 ++++++---
 test/WithdrawRequestNFT.t.sol | 11 +----------
 2 files changed, 7 insertions(+), 13 deletions(-)

diff --git a/src/WithdrawRequestNFT.sol b/src/WithdrawRequestNFT.sol
index 403da1a7..217e85bd 100644
--- a/src/WithdrawRequestNFT.sol
+++ b/src/WithdrawRequestNFT.sol
@@ -370,9 +370,12 @@ contract WithdrawRequestNFT is ERC721Upgradeable, UUPSUpgradeable, OwnableUpgrad
 
     // invalid NFTs is non-transferable except for the case they are being burnt by the owner via `seizeInvalidRequest`
     function _beforeTokenTransfer(address /*from*/, address /*to*/, uint256 firstTokenId, uint256 batchSize) internal view override {
-        for (uint256 i = 0; i < batchSize; i++) {
-            uint256 tokenId = firstTokenId + i;
-            require(_requests[tokenId].isValid || msg.sender == owner(), "INVALID_REQUEST");
+        if (msg.sender != owner()) {
+            // if not called by the contract owner, only allow transfers of valid NFTs
+            for (uint256 i = 0; i < batchSize; i++) {
+                uint256 tokenId = firstTokenId + i;
+                require(_requests[tokenId].isValid, "INVALID_REQUEST");
+            }
         }
     }
 
diff --git a/test/WithdrawRequestNFT.t.sol b/test/WithdrawRequestNFT.t.sol
index 5ac84705..e74b7ea4 100644
--- a/test/WithdrawRequestNFT.t.sol
+++ b/test/WithdrawRequestNFT.t.sol
@@ -311,24 +311,15 @@ contract WithdrawRequestNFTTest is TestSetup {
         assertEq(eETHInstance.balanceOf(address(withdrawRequestNFTInstance)), 8);
         // Within `LP.requestWithdraw`
         // - `share` is calculated by `sharesForAmount` as (9 * 98) / 100 = 8.82 ---> (rounded down to) 8
-
-        uint256 dustSharesBefore = withdrawRequestNFTInstance.getAccumulatedDustEEthAmount();
-        console.log("dustSharesBefore: ", dustSharesBefore);
-
+        
         vm.prank(address(membershipManagerInstance));
         liquidityPoolInstance.rebase(2);
 
         _finalizeWithdrawalRequest(requestId);
 
-        uint256 dustSharesAfter = withdrawRequestNFTInstance.getAccumulatedDustEEthAmount();
-        console.log("dustSharesAfter: ", dustSharesAfter);
-
         vm.prank(bob);
         withdrawRequestNFTInstance.claimWithdraw(requestId, 1);
 
-        uint256 dustSharesAfter2 = withdrawRequestNFTInstance.getAccumulatedDustEEthAmount();
-        console.log("dustSharesAfter2: ", dustSharesAfter2);
-
         // Within `claimWithdraw`,
         // - `request.amountOfEEth` is 9
         // - `amountForShares` is (8 * 100) / 98 = 8.16 ---> (rounded down to) 8