Summary
The frontend (Example 01) uses standard ERC-721 transferFrom for the transfer action in AgenticIDCard.tsx:155-163, but the contract only clears authorized users inside iTransferFrom() (AgenticID.sol:116-136). This means the UI can transfer token ownership while leaving stale authorized users attached to the token.
Actual behavior
After transferring a token via the UI, authorizedUsersOf(tokenId) still returns the pre-transfer authorized user list. The new owner inherits stale authorizations from the previous owner.
Confirmed on local Hardhat:
before transfer authorized users: 1
after transfer authorized users: 1
after transfer is bob authorized: true
Expected behavior
Token transfer should clear all authorized users, as documented in Example 02's walkthrough and the README's Key Concepts table.
Repro notes
- Example 01 frontend, connect wallet, mint token, authorize a user, then transfer via the Transfer tab
- Alternatively, call
transferFrom directly on the contract and check authorizedUsersOf after
Proposed fix
Change AgenticIDCard.tsx to call iTransferFrom with placeholder proofs (matching what Example 02's script already does), or override _update() in the contract to clear authorizations on any transfer path.
Summary
The frontend (Example 01) uses standard ERC-721
transferFromfor the transfer action inAgenticIDCard.tsx:155-163, but the contract only clears authorized users insideiTransferFrom()(AgenticID.sol:116-136). This means the UI can transfer token ownership while leaving stale authorized users attached to the token.Actual behavior
After transferring a token via the UI,
authorizedUsersOf(tokenId)still returns the pre-transfer authorized user list. The new owner inherits stale authorizations from the previous owner.Confirmed on local Hardhat:
Expected behavior
Token transfer should clear all authorized users, as documented in Example 02's walkthrough and the README's Key Concepts table.
Repro notes
transferFromdirectly on the contract and checkauthorizedUsersOfafterProposed fix
Change
AgenticIDCard.tsxto calliTransferFromwith placeholder proofs (matching what Example 02's script already does), or override_update()in the contract to clear authorizations on any transfer path.