Closed c4-bot-5 closed 10 months ago
Checks are in place in the parent OceanERC1155.sol of Ocean.sol:
https://github.com/code-423n4/2023-11-shellprotocol/blob/main/src/ocean/OceanERC1155.sol#L89-L95
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as primary issue
I think the warden is right about this one, the function implements IERC721TokenReceiver but this isn't reflected in the supportsInterface() function.
I'd like to get your comment on this please, @viraj124
I think we can mark this as low or QA since at this point we don't have any ERC721 adapters which would need to integrate with the Ocean.
viraj124 marked the issue as disagree with severity
viraj124 (sponsor) acknowledged
0xA5DF changed the severity to QA (Quality Assurance)
There's an open org issue regarding ERC165, I tend to agree this should be low. Marking this as low, unless any additional impact is proven.
0xA5DF marked the issue as grade-c
Low quantity
Lines of code
https://github.com/code-423n4/2023-11-shellprotocol/blob/main/src/ocean/OceanERC1155.sol#L393-L395
https://github.com/code-423n4/2023-11-shellprotocol/blob/485de7383cdf88284ee6bcf2926fb7c19e9fb257/src/ocean/Ocean.sol#L79
https://github.com/code-423n4/2023-11-shellprotocol/blob/485de7383cdf88284ee6bcf2926fb7c19e9fb257/lib/forge-std/src/interfaces/IERC721.sol#L104
Vulnerability details
Impact
Contracts checking for the IERC721TokenReceiver interface with the supportsInterface() function will get a false return value.
Proof of Concept
On the contest page it is written that: "The Ocean should conform to all standards that its code claims to (ERC-1155, ERC-165)"
The ERC165 is a standard method to publish and detect what interfaces a smart contract implements, according to the specification here: https://eips.ethereum.org/EIPS/eip-165
The Ocean.sol smart contract implements the IERC721TokenReceiver interface but does not indicate that with the supportsInterface() function.
As you can see in the comment of the code below: the ERC-165 identifier for the IERC721TokenReceiver interface is 0x150b7a02
Tools Used
EIP165 specification: https://eips.ethereum.org/EIPS/eip-165
Recommended Mitigation Steps
Consider adding the check for type(IERC721Receiver).interfaceId in the supportsInterface function like this.
Assessed type
Other
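An added example, not the warden's snippet and not code from the Shell Protocol repository: a receiver that advertises the IERC721TokenReceiver id (0x150b7a02) through supportsInterface(), next to a caller-side probe that follows the detection steps in EIP-165, which is the check that returns false when the id is not advertised. ReceiverSketch and ERC165Probe are hypothetical names, and the interfaces are declared locally so the file compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC165 {
    function supportsInterface(bytes4 interfaceId) external view returns (bool);
}

interface IERC721TokenReceiver {
    function onERC721Received(address operator, address from, uint256 tokenId, bytes calldata data)
        external returns (bytes4);
}

// Hypothetical receiver (not Ocean.sol): advertises every interface it implements.
contract ReceiverSketch is IERC165, IERC721TokenReceiver {
    function supportsInterface(bytes4 interfaceId) external pure override returns (bool) {
        return interfaceId == type(IERC165).interfaceId               // 0x01ffc9a7
            || interfaceId == type(IERC721TokenReceiver).interfaceId; // 0x150b7a02
    }

    function onERC721Received(address, address, uint256, bytes calldata)
        external pure override returns (bytes4)
    {
        return IERC721TokenReceiver.onERC721Received.selector;
    }
}

// Hypothetical caller-side probe following the "how to detect" steps of EIP-165.
library ERC165Probe {
    function advertises(address target, bytes4 interfaceId) internal view returns (bool) {
        return _query(target, type(IERC165).interfaceId) // must claim ERC-165 itself
            && !_query(target, bytes4(0xffffffff))       // must reject the invalid id
            && _query(target, interfaceId);              // then ask for the id of interest
    }

    function _query(address target, bytes4 interfaceId) private view returns (bool) {
        // EIP-165 caps supportsInterface at 30,000 gas, so the probe forwards no more.
        (bool ok, bytes memory ret) = target.staticcall{gas: 30000}(
            abi.encodeCall(IERC165.supportsInterface, (interfaceId))
        );
        // A revert or a short return counts as "not supported"; decoding as uint256
        // avoids a revert in the probe if the target returns a non-canonical bool.
        return ok && ret.length >= 32 && abi.decode(ret, (uint256)) == 1;
    }
}
```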