Update EIP-6454: Extend Security Considerations

Merged by EIP-Bot.
ethereum · Apr 21, 2023 · 4f24b61 · 4f24b61
1 parent 70d8578
commit 4f24b61
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/EIPS/eip-6454.md b/EIPS/eip-6454.md
@@ -104,6 +104,10 @@ See [`ERC721NonTransferableMock.sol`](../assets/eip-6454/contracts/mocks/ERC721N
 
 The same security considerations as with [ERC-721](./eip-721.md) apply: hidden logic may be present in any of the functions, including burn, add asset, accept asset, and more.
 
+A smart contract can implement the proposal interface but returns fraudulent values, i.e., returning `true` for `isNotTransferable` when the token is transferable. Such a contract would trick other contracts into thinking that the token is non-transferable when it is transferable. If such a contract exists, we suggest not interacting with it. Much like fraudulent [ERC-20](./eip-20.md) or [ERC-721](./eip-721.md) smart contracts, it is not possible to prevent such contracts from existing. We suggest that you verify all of the external smart contracts you interact with and not interact with contracts you do not trust.
+
+Since the non-transferable state can change over time, verifying that the state of the token is non-transferable before interacting with it is essential. Therefore, a dApp, marketplace, or wallet implementing this interface should verify the state of the token every time the token is displayed.
+
 Caution is advised when dealing with non-audited contracts.
 
 ## Copyright