code-423n4 / 2022-07-fractional-findings


The `FERC1155.sol` doesn't respect the EIP2981 #544

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-07-fractional/blob/main/src/FERC1155.sol#L31-L34

Vulnerability details

Impact

The EIP-2981: NFT Royalty Standard implementation is incomplete: it is missing the implementation of `function supportsInterface(bytes4 interfaceID) external view returns (bool);` from the EIP-165: Standard Interface Detection.

Proof of Concept

A marketplace that implements royalties could check whether the NFT has royalties, but if the ERC2981 interface isn't added on the `_registerInterface`, the marketplace can't know whether this NFT has them.

Tools Used

Manual Review

Recommended Mitigation Steps

As in solmate's ERC1155.sol, add the ERC2981 interfaceId to the FERC1155 contract:

    /*//////////////////////////////////////////////////////////////
                              ERC165 LOGIC
    //////////////////////////////////////////////////////////////*/

    function supportsInterface(bytes4 interfaceId) public view override returns (bool) {
        return
            super.supportsInterface(interfaceId) ||
            interfaceId == 0x2a55205a; // ERC165 Interface ID for ERC2981
    }

HardlyDifficult commented 2 years ago

The contract implements the ERC2981 getter but does not register it as a 165 interface. Agree with the warden that this is a Medium risk issue. This is a function of the protocol and it may not work with many external marketplaces because it does not yet follow the standard as expected.
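
The consumer side of this finding, as an added Solidity example that is not part of the original issue thread or the Fractional code base: a hypothetical marketplace library (`RoyaltyLookup` and `royaltyFor` are assumed names) gates the `royaltyInfo` call on `supportsInterface(0x2a55205a)`, so a token that implements the getter without registering the interface is treated as royalty-free.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added illustration; not code from Fractional or from any real marketplace.
interface IERC165 {
    function supportsInterface(bytes4 interfaceId) external view returns (bool);
}

interface IERC2981 {
    function royaltyInfo(uint256 tokenId, uint256 salePrice)
        external
        view
        returns (address receiver, uint256 royaltyAmount);
}

/// Hypothetical marketplace helper showing the EIP-165 gate that EIP-2981 relies on.
library RoyaltyLookup {
    // ERC-2981 interface ID quoted in the issue: selector of royaltyInfo(uint256,uint256).
    bytes4 internal constant ERC2981_ID = 0x2a55205a;

    /// Returns (address(0), 0) when the token does not advertise ERC-2981,
    /// even if it actually implements royaltyInfo().
    function royaltyFor(address token, uint256 tokenId, uint256 salePrice)
        internal
        view
        returns (address receiver, uint256 amount)
    {
        // A token whose supportsInterface call reverts is treated as royalty-free.
        try IERC165(token).supportsInterface(ERC2981_ID) returns (bool ok) {
            if (!ok) return (address(0), 0);
        } catch {
            return (address(0), 0);
        }

        (receiver, amount) = IERC2981(token).royaltyInfo(tokenId, salePrice);

        // Defensive bound: a royalty can never exceed the sale price.
        require(amount <= salePrice, "royalty exceeds price");
    }
}
```

With the `supportsInterface` override from the recommended mitigation in place, the first branch passes and the lookup reaches `royaltyInfo`; without it, the function returns `(address(0), 0)` and no royalty is paid.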