search

code-423n4 / 2023-06-lukso-findings

3 stars 1 forks source link

Incorrect Interface ID for LSP0 #102

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-06-lukso/blob/9dbc96410b3052fc0fd9d423249d1fa42958cae8/contracts/LSP0ERC725Account/LSP0Constants.sol#L5

Vulnerability details

Impact

The interface ID stated for LSP0 in LSP0Constants.sol and LIP-0 is 0x3e89ad98, which will affect related logics.

Proof of Concept

According to LIP-0, this ID is derived from the XOR of the following:

However, the XOR of all of the above is 0x24871b3d. We note that if we remove the LSP20CallVerification standard, then we obtain the stated interface ID of 0x3e89ad98.

Tools Used

Manual

Recommended Mitigation Steps

Change the interface ID of LSP0 if the LSP20CallVerification standard is meant to be included.

Assessed type

Context

c4-pre-sort commented 1 year ago

minhquanym marked the issue as duplicate of #101

c4-judge commented 1 year ago

trust1995 marked the issue as unsatisfactory: Invalid

c4-judge commented 1 year ago

trust1995 marked the issue as satisfactory