code-423n4 / 2023-11-shellprotocol-findings


`OceanAdapter` implements `onERC1155Received()` but not `onERC1155BatchReceived()` or `supportsInterface()` #265

Closed c4-bot-9 closed 9 months ago

c4-bot-9 commented 9 months ago

Lines of code

https://github.com/code-423n4/2023-11-shellprotocol/blob/485de7383cdf88284ee6bcf2926fb7c19e9fb257/src/adapters/OceanAdapter.sol#L14

Vulnerability details

The EIP1155 standard states that compliant contracts must implement support for the ERC1155TokenReceiver interface, which has both onERC1155Received() and onERC1155BatchReceived(): https://eips.ethereum.org/EIPS/eip-1155#erc-1155-token-receiver

Also note: "Smart contracts MUST implement the ERC-165 supportsInterface function and signify support for the ERC1155TokenReceiver interface to accept transfers."

supportsInterface() is not defined on the OceanAdapter contract.

Impact

This contract is not ERC1155 compliant and may reject tokens when trying to transfer to this contract.

Recommended Mitigation Steps

Ensure the contract implements the ERC1155 to spec or completely remove its functionality from this contract (i.e.: remove the onERC1155Received() function.)

Assessed type

Other
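
As an added illustration of what the EIP-1155 receiver text quoted in this report requires (this is not code from the Shell Protocol repository and not the OceanAdapter contract; `ExampleReceiver` is a hypothetical name), a receiver that implements both hooks and declares the interface through ERC-165:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; ExampleReceiver is a hypothetical contract name.

interface IERC165 {
    function supportsInterface(bytes4 interfaceId) external view returns (bool);
}

// Receiver interface as defined in EIP-1155.
interface IERC1155TokenReceiver {
    function onERC1155Received(address operator, address from, uint256 id, uint256 value, bytes calldata data)
        external returns (bytes4);
    function onERC1155BatchReceived(
        address operator, address from, uint256[] calldata ids, uint256[] calldata values, bytes calldata data
    ) external returns (bytes4);
}

contract ExampleReceiver is IERC165, IERC1155TokenReceiver {
    // Single-transfer hook: returning the function's own selector signals acceptance.
    function onERC1155Received(address, address, uint256, uint256, bytes calldata)
        external pure override returns (bytes4)
    {
        return IERC1155TokenReceiver.onERC1155Received.selector; // 0xf23a6e61
    }

    // Batch hook, called on safeBatchTransferFrom: a standard-compliant token
    // reverts a batch transfer to a contract that does not return this value.
    function onERC1155BatchReceived(address, address, uint256[] calldata, uint256[] calldata, bytes calldata)
        external pure override returns (bytes4)
    {
        return IERC1155TokenReceiver.onERC1155BatchReceived.selector; // 0xbc197c81
    }

    // ERC-165: the receiver interface id is the XOR of the two hook selectors,
    // 0xf23a6e61 ^ 0xbc197c81 = 0x4e2312e0.
    function supportsInterface(bytes4 interfaceId) external pure override returns (bool) {
        return interfaceId == type(IERC1155TokenReceiver).interfaceId
            || interfaceId == type(IERC165).interfaceId; // 0x01ffc9a7
    }
}
```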

c4-pre-sort commented 9 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 9 months ago

raymondfam marked the issue as duplicate of #58

c4-judge commented 9 months ago

0xA5DF changed the severity to QA (Quality Assurance)

c4-judge commented 9 months ago

0xA5DF marked the issue as grade-c

0xA5DF commented 9 months ago

Low quantity