Hi, I coded an NFT marketplace contract, it works in a way that the User deposits the NFT into the contract and with that creates an Order (can call cancel function anytime and the token will get sent back). In order to be able to receive the token tho I had to implement the ERC721Holder extension.
It all works fine but my question is - now the contract can receive any ERC721 right .. so it can get flooded with different tokens, or somehow someone can actually even mistakenly send the tokens meant for sale regularly into the contract through Transfer, I know the chance is tiny but gotta count with everything.
Is there a way to limit this? That the contract can receive tokens only through a specific function for example?
It would be ideal if a user that wants to sell tokens through the marketplace had to go through the createOrder method and therefore through the official deposit method instead of the contract just accepting anything anyhow.
Thank you