FINAL EIP-5192 - Minimal Soulbound NFTs

From the EIP’s Security Concerns section: There are no security considerations related directly to the implementation of this standard.

It might be worth mentioning some critical, relevant security concerns in the EIP. For instance:

  • The contract should have proper access controls to ensure that only authorized parties (e.g. the contract owner) can lock or unlock tokens.
  • Care should be taken to ensure that the locking function cannot be called multiple times on the same token, as this could potentially lead to the token being permanently locked by an attacker.
  • The contract should have a mechanism to handle emergency situations, such as a way to unlock the token in case the original owner loses access to their account.
  • It’s important to also consider the security of the EIP-165 and EIP-721 that this EIP is based on.

I get that these mostly aren’t “directly” related to the functionality of the extension, but the extension only works if there’s a locking function added to the NFT contract. That locking function is probably getting written at the same time as this extension is getting implemented, so it might be worth calling out the key security concerns.

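To make the concerns in the post concrete, here is an added example of an EIP-5192 token that addresses all three: only the contract owner can lock or unlock, `lock()` reverts if the token is already locked so it cannot be re-locked or spammed with repeated `Locked` events, and an admin-only emergency unlock exists for a holder who has lost access. It also refuses transfers while a token is locked, which is what makes the `locked()` flag meaningful. This is illustrative code, not the EIP's reference implementation or anyone's production contract; it assumes OpenZeppelin Contracts v5.x (`Ownable(address)`, `_requireOwned`, `_update`), and the contract and function names (`GuardedSoulbound`, `mintLocked`, `emergencyUnlock`) are made up for the example. The `IERC5192` interface is the one published in the EIP.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example for the discussion above; not the EIP's own code.
// Assumes OpenZeppelin Contracts v5.x.
import {ERC721} from "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

/// Interface exactly as published in EIP-5192.
interface IERC5192 {
    event Locked(uint256 tokenId);
    event Unlocked(uint256 tokenId);
    function locked(uint256 tokenId) external view returns (bool);
}

/// Hypothetical name for this example.
contract GuardedSoulbound is ERC721, Ownable, IERC5192 {
    mapping(uint256 => bool) private _locked;

    error AlreadyLocked(uint256 tokenId);
    error NotLocked(uint256 tokenId);
    error TokenIsLocked(uint256 tokenId);

    constructor(address admin) ERC721("GuardedSBT", "GSBT") Ownable(admin) {}

    /// EIP-5192: queries about nonexistent tokens must throw, so check
    /// existence before reading the flag.
    function locked(uint256 tokenId) public view override returns (bool) {
        _requireOwned(tokenId);
        return _locked[tokenId];
    }

    /// Access control: only the contract owner may mint. Tokens are
    /// minted already locked, and the Locked event is emitted once.
    function mintLocked(address to, uint256 tokenId) external onlyOwner {
        _safeMint(to, tokenId);
        _locked[tokenId] = true;
        emit Locked(tokenId);
    }

    /// Access-controlled lock that cannot be applied twice: a repeat call
    /// reverts instead of silently re-setting the flag and re-emitting.
    function lock(uint256 tokenId) external onlyOwner {
        _requireOwned(tokenId);
        if (_locked[tokenId]) revert AlreadyLocked(tokenId);
        _locked[tokenId] = true;
        emit Locked(tokenId);
    }

    /// Emergency path (e.g. holder lost their key): admin-only unlock.
    /// Reverts if the token is not locked so the Unlocked event is only
    /// emitted on a real state change.
    function emergencyUnlock(uint256 tokenId) external onlyOwner {
        _requireOwned(tokenId);
        if (!_locked[tokenId]) revert NotLocked(tokenId);
        _locked[tokenId] = false;
        emit Unlocked(tokenId);
    }

    /// Enforce the lock: a locked token cannot change hands. Mint
    /// (from == 0) and burn (to == 0) are still permitted.
    function _update(address to, uint256 tokenId, address auth)
        internal
        override
        returns (address)
    {
        address from = _ownerOf(tokenId);
        if (from != address(0) && to != address(0) && _locked[tokenId]) {
            revert TokenIsLocked(tokenId);
        }
        return super._update(to, tokenId, auth);
    }

    /// EIP-165 discovery for EIP-5192 alongside the inherited ERC-721 IDs.
    function supportsInterface(bytes4 interfaceId) public view override returns (bool) {
        return interfaceId == type(IERC5192).interfaceId || super.supportsInterface(interfaceId);
    }
}
```

Two design points worth stating when this gets written alongside the extension: the "cannot lock twice" check is what stops a misbehaving or compromised caller from flipping the state repeatedly or flooding indexers with duplicate `Locked` events, and the emergency unlock is a deliberate trade-off, because the same admin key that rescues a stranded holder can also strip soulbound status from any token if it is compromised, so it should sit behind a multisig or timelock rather than a single EOA.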