From aed77b55fbcd968be6953cb9f5319295f1ed7f30 Mon Sep 17 00:00:00 2001
From: webcrafters <60077270+webcrafters@users.noreply.github.com>
Date: Thu, 24 Dec 2020 17:02:11 +0200
Subject: [PATCH] Update zombieownership.sol

For our specified use cases, this should help in preventing honest mistakes of users of the contract.

I may invoke transferFrom(A, B, Z) and be the owner of Z, but if A is not my correct address, the code will reduce someone else's zombieCount and also emit a Transfer event that's not accurate in what it says.
---
 lesson-5/chapter-6/zombieownership.sol | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lesson-5/chapter-6/zombieownership.sol b/lesson-5/chapter-6/zombieownership.sol
index 945c820..d621959 100644
--- a/lesson-5/chapter-6/zombieownership.sol
+++ b/lesson-5/chapter-6/zombieownership.sol
@@ -23,7 +23,7 @@ contract ZombieOwnership is ZombieAttack, ERC721 {
   }
 
   function transferFrom(address _from, address _to, uint256 _tokenId) external payable {
-    require (zombieToOwner[_tokenId] == msg.sender || zombieApprovals[_tokenId] == msg.sender);
+    require ((zombieToOwner[_tokenId] == msg.sender && _from == msg.sender) || (zombieApprovals[_tokenId] == msg.sender && _to == msg.sender));
     _transfer(_from, _to, _tokenId);
   }