code-423n4 / 2021-08-notional-findings


ERC1155 has reentrancy possibilities. #25

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

tensors

Vulnerability details

Impact

ERC1155 tokens have a callback on transfer, making reentrancy a possibility. I haven't been able to find any reentrancy, but having extra external function calls isn't safe. If it's necessary to use an ERC1155 there is nothing you can do about it, but otherwise consider just using an ERC20.

Proof of Concept

https://github.com/code-423n4/2021-08-notional/blob/main/contracts/external/actions/ERC1155Action.sol

Recommended Mitigation Steps

Confirm that using tokens with callbacks is really necessary for the protocol to function.
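The callback the finding refers to is the ERC1155 acceptance hook: a compliant `safeTransferFrom`/mint must call `onERC1155Received` on any contract recipient, which hands control to recipient-chosen code in the middle of the sender's transaction. The following Solidity is an added illustration and is not Notional's code or the ERC1155Action.sol linked above; the contract names (`VulnerableRedeemer`, `HardenedRedeemer`, `ReentrantReceiver`) and the credit/redeem flow are hypothetical, and a stripped-down mint stands in for a full ERC1155 implementation. It shows the state-ordering mistake the hook makes exploitable, the receiver that abuses it, and the checks-effects-interactions plus reentrancy-guard fix.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// ERC1155 receiver hook as specified by the standard (selector 0xf23a6e61).
interface IERC1155Receiver {
    function onERC1155Received(
        address operator, address from, uint256 id, uint256 value, bytes calldata data
    ) external returns (bytes4);
}

// Hypothetical minimal ERC1155-style base: balances plus the mandatory acceptance check.
abstract contract MiniERC1155 {
    mapping(uint256 => mapping(address => uint256)) public balanceOf;

    function _mint(address to, uint256 id, uint256 amount) internal {
        balanceOf[id][to] += amount;
        if (to.code.length > 0) {
            // Spec-mandated callback: control passes to the recipient here.
            bytes4 ret = IERC1155Receiver(to).onERC1155Received(msg.sender, address(0), id, amount, "");
            require(ret == IERC1155Receiver.onERC1155Received.selector, "receiver rejected");
        }
    }
}

// Hypothetical vault: ETH buys credits, credits are redeemed for units of token id 1.
// Vulnerable: the callback fires before the credit is cleared, so a reentrant redeem() still sees it.
contract VulnerableRedeemer is MiniERC1155 {
    uint256 public constant ID = 1;
    mapping(address => uint256) public credits;

    function buy() external payable { credits[msg.sender] += msg.value; }

    function redeem() external {
        uint256 amount = credits[msg.sender];
        require(amount > 0, "nothing to redeem");
        _mint(msg.sender, ID, amount); // interaction first ...
        credits[msg.sender] = 0;       // ... effect last (wrong order)
    }
}

// Hardened version: effects before interactions, plus a mutex in case a later refactor breaks the order.
contract HardenedRedeemer is MiniERC1155 {
    uint256 public constant ID = 1;
    uint256 private _locked = 1;
    mapping(address => uint256) public credits;

    modifier nonReentrant() {
        require(_locked == 1, "reentrant call");
        _locked = 2;
        _;
        _locked = 1;
    }

    function buy() external payable { credits[msg.sender] += msg.value; }

    function redeem() external nonReentrant {
        uint256 amount = credits[msg.sender];
        require(amount > 0, "nothing to redeem");
        credits[msg.sender] = 0;       // effect first
        _mint(msg.sender, ID, amount); // callback now sees credits == 0
    }
}

// Malicious recipient: reenters redeem() from inside the acceptance hook.
contract ReentrantReceiver is IERC1155Receiver {
    VulnerableRedeemer public immutable target;
    uint256 public depth;

    constructor(VulnerableRedeemer t) { target = t; }

    function buy() external payable { target.buy{value: msg.value}(); }

    function attack() external { depth = 0; target.redeem(); }

    function onERC1155Received(address, address, uint256, uint256, bytes calldata)
        external override returns (bytes4)
    {
        if (msg.sender == address(target) && depth < 3) {
            depth++;
            target.redeem(); // credit is still non-zero: each reentry mints the full amount again
        }
        return this.onERC1155Received.selector;
    }
}
```

Deploy `VulnerableRedeemer`, point a `ReentrantReceiver` at it, call `buy()` with some ETH and then `attack()`: the receiver ends with four times its credit in token id 1 (one mint per nesting level). Repeating the experiment against `HardenedRedeemer` reverts with "reentrant call", and even without the guard the reentrant `redeem()` would fail on "nothing to redeem" because the credit was already zeroed. The point for a review like this one is that the callback itself cannot be removed (it is part of the spec, as noted below), so the thing to audit is whether every function that mints or transfers an ERC1155 finishes its own state changes before the hook runs.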

jeffywu commented 3 years ago

Callbacks are required as part of the ERC1155 spec. Duplicate #62. Severity should be Low or Non Critical.

ghoul-sol commented 3 years ago

Duplicate of #62 ergo low risk