Closed code423n4 closed 1 year ago
Picodes marked the issue as primary issue
I may have missed it, but to my knowledge, the totalSupply version for ERC1155 you are referring to is what OpenZeppelin designed but is not part of the EIP. In this case, it'd not be a valid medium finding.
vhawk19 marked the issue as sponsor disputed
Picodes marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-01-timeswap/blob/main/packages/v2-token/src/base/ERC1155Enumerable.sol#L36-L37
Vulnerability details
Impact
In the ERC1155Enumerable.sol#L36-L37 lines, totalSupply() of ERC1155 is calculated. However, this design is of ERC777, not ERC1155.
ERC721 is suitable for one-of-a-kind NFTs, while ERC1155 is suitable for multiple assets that can be combined and divided.
The correct ERC1155 Enumerable totalSupply() design is as follows:
Due to faulty design, totalSupply() will malfunction and a very important function will produce an incorrect figure.
In an ERC1155 token contract, the totalSupply() function is used to return the total number of all unique tokens that have been minted for all classes of assets in the contract. This function is important because it allows for tracking the total number of NFTs and fungible tokens that have been minted, which can be useful for a variety of purposes, such as tracking the total number of tokens for a particular series, or ensuring that the total number of tokens minted does not exceed a certain limit.
Additionally, this function can be used to check the total supply of a specific class of assets, such as all the gold tokens that have been minted. This can be useful for trading, accounting or other purposes.
Recommended Mitigation Steps
Add the totalSupply() function in the ERC1155 architecture as mentioned above.
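For reference, per-id supply tracking of the kind the judge's comment attributes to OpenZeppelin rather than to the EIP looks like the following. This is an added example, not code from the report, from Timeswap or from OpenZeppelin; the contract name PerIdSupplyLedger and its internal helpers are hypothetical, and only the balance and supply bookkeeping of an ERC1155-style token is modelled.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration (constructed). Models only balance/supply bookkeeping;
// approvals, events and receiver callbacks are out of scope.
abstract contract PerIdSupplyLedger {
    // id => holder => balance, mirroring ERC1155's balanceOf(account, id)
    mapping(uint256 => mapping(address => uint256)) private _balances;
    // id => minted minus burned. An extension: EIP-1155 itself does not
    // define a totalSupply function.
    mapping(uint256 => uint256) private _totalSupply;

    function balanceOf(address account, uint256 id) public view returns (uint256) {
        return _balances[id][account];
    }

    // Supply is tracked per token id, not as one contract-wide number.
    function totalSupply(uint256 id) public view returns (uint256) {
        return _totalSupply[id];
    }

    function exists(uint256 id) public view returns (bool) {
        return _totalSupply[id] > 0;
    }

    function _mint(address to, uint256 id, uint256 amount) internal {
        require(to != address(0), "mint to zero address");
        _totalSupply[id] += amount; // checked: reverts on overflow
        _balances[id][to] += amount;
    }

    function _burn(address from, uint256 id, uint256 amount) internal {
        uint256 bal = _balances[id][from];
        require(bal >= amount, "burn exceeds balance");
        unchecked {
            _balances[id][from] = bal - amount;
            _totalSupply[id] -= amount; // safe: supply >= balance >= amount
        }
    }

    // Transfers move balances only; the supply of `id` is unchanged.
    function _move(address from, address to, uint256 id, uint256 amount) internal {
        require(to != address(0), "transfer to zero address");
        uint256 bal = _balances[id][from];
        require(bal >= amount, "insufficient balance");
        unchecked { _balances[id][from] = bal - amount; }
        _balances[id][to] += amount;
    }
}
```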