search

code-423n4 / 2023-06-lukso-findings

3 stars 1 forks source link

Incorrect Interface ID for LSP14 #101

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-lukso/blob/9dbc96410b3052fc0fd9d423249d1fa42958cae8/contracts/LSP14Ownable2Step/LSP14Constants.sol#L4

Vulnerability details

Impact

Contracts that use type(ILSP14Ownable2Step).interfaceId, such as when implementing IERC165.supportsInterface(), will use a value different from the current standard.

Proof of Concept

The interface ID of LSP14 is stated to be 0x94be5999. However, the interface ID of ILSP14Ownable2Step is 0x191b92c2. This is because ILSP14Ownable2Step does not contain the function owner().

Tools Used

Manual

Recommended Mitigation Steps

As other standards, such as LSP0 and LSP9, assume the interface ID of LSP14 is 0x94be5999, it is recommended to add the function owner() to ILSP14Ownable2Step.

Assessed type

Context

c4-pre-sort commented 1 year ago

minhquanym marked the issue as primary issue

minhquanym commented 1 year ago

Grouping all issues related to interface ID mismatch

c4-sponsor commented 1 year ago

CJ42 marked the issue as sponsor disputed

CJ42 commented 1 year ago

the bytes4 interface id is correct according to the specs.

c4-judge commented 1 year ago

trust1995 marked the issue as unsatisfactory: Insufficient proof

c4-judge commented 1 year ago

trust1995 marked issue #122 as primary and marked this issue as a duplicate of 122