Lines of code
https://github.com/code-423n4/2023-06-lukso/blob/main/contracts/LSP8IdentifiableDigitalAsset/extensions/LSP8Burnable.sol#L15
Vulnerability details
Bug Description
The LSP8Burnable contract inherits from LSP8IdentifiableDigitalAssetCore:
LSP8Burnable.sol#L15
However, LSP8 extensions are supposed to inherit LSP8IdentifiableDigitalAsset instead. This can be inferred by looking at LSP8CappedSupply.sol, LSP8CompatibleERC721.sol and LSP8Enumerable.sol:
LSP8CappedSupply.sol#L13
abstract contract LSP8CappedSupply is LSP8IdentifiableDigitalAsset {
Additionally, the LSP8BurnableInitAbstract.sol file is missing in the repository.
Impact
As LSP8Burnable does not inherit LSP8IdentifiableDigitalAsset, a developer who implements his LSP8 token using LSP8Burnable will face the following issues:
All functionality from LSP4DigitalAssetMetadata will be unavailable.
As LSP8Burnable does not contain a supportsInterface() function, it will be incompatible with contracts that use ERC-165.
Recommended Mitigation
The LSP8Burnable contract should inherit LSP8IdentifiableDigitalAsset instead:
LSP8Burnable.sol#L15
Secondly, add a LSP8BurnableInitAbstract.sol file that contains an implementation of LSP8Burnable which can be used in proxies.
Assessed type
Other
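The ERC-165 impact described in this finding can be reproduced with simplified stand-in contracts. This is an added example, not code from the LUKSO repository or from the report; CoreStandIn, FullStandIn, the two extensions and tokens, Erc165Probe and the placeholder interface ID are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Simplified stand-ins (assumptions) for the contracts named in the report.
interface IERC165 {
    function supportsInterface(bytes4 interfaceId) external view returns (bool);
}

// Stand-in for LSP8IdentifiableDigitalAssetCore: token logic only, no ERC-165.
abstract contract CoreStandIn {
    mapping(bytes32 => address) internal _owners;

    function _burn(bytes32 tokenId) internal virtual {
        require(_owners[tokenId] == msg.sender, "not token owner");
        delete _owners[tokenId];
    }
}

// Stand-in for LSP8IdentifiableDigitalAsset: core logic plus ERC-165 support.
abstract contract FullStandIn is CoreStandIn, IERC165 {
    // Placeholder value, NOT the real LSP8 interface ID.
    bytes4 internal constant TOKEN_INTERFACE_ID = 0x12345678;

    function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
        return interfaceId == TOKEN_INTERFACE_ID || interfaceId == type(IERC165).interfaceId;
    }
}

// Extension built on the core only, as the report describes for LSP8Burnable.
abstract contract BurnableOnCore is CoreStandIn {
    function burn(bytes32 tokenId) public virtual { _burn(tokenId); }
}

// Extension built on the full contract, as the mitigation recommends.
abstract contract BurnableOnFull is FullStandIn {
    function burn(bytes32 tokenId) public virtual { _burn(tokenId); }
}

contract TokenOnCore is BurnableOnCore {} // exposes no supportsInterface()
contract TokenOnFull is BurnableOnFull {} // exposes supportsInterface()

// What an integrating contract sees when it probes a token via ERC-165.
contract Erc165Probe {
    function supports(address token, bytes4 id) external view returns (bool) {
        // The call reverts for TokenOnCore (no matching selector, no fallback).
        try IERC165(token).supportsInterface(id) returns (bool ok) { return ok; }
        catch { return false; }
    }
}
```

Deploying both tokens and calling Erc165Probe.supports() with the ERC-165 interface ID returns false for TokenOnCore and true for TokenOnFull, which is the check an integrator or a test suite can use to catch an extension wired to the wrong base contract.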