It adds its own types and finally calls the supper method for the inherited methods. However, it overrides 2 different interfaces, thus the supper is called only on the most right override (IERC165), making it lose the values returned from OFTCore:
function supportsInterface(bytes4 interfaceId) public view virtual override(ERC165, IERC165) returns (bool) {
return interfaceId == type(IOFTCore).interfaceId || super.supportsInterface(interfaceId);
}
HonorLt
medium
OFT abandons OFTCore supported interfaces
Summary
Contract
OFT
incorrectly overrides thesupportsInterface
function making some of the supported values return false.Vulnerability Detail
OFT
overrridessupportsInterface
fromOFTCore
andIERC165
:It adds its own types and finally calls the supper method for the inherited methods. However, it overrides 2 different interfaces, thus the supper is called only on the most right override (
IERC165
), making it lose the values returned fromOFTCore
:For more context, here is a Twitter thread warning about similar issues: https://twitter.com/0xCygaar/status/1604226205724553216?s=20
Impact
Other contracts that rely on introspection values might treat the contract as incompatible even though it implements the necessary functions.
Code Snippet
Proof of concept:
OFT
.supportsInterface
with all three values (typeA
,typeB
,typeOFT
) and see the results.typeA
should return false, others true.https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/external/layer-zero/token/oft/OFT.sol#L14-L16
Tool used
Manual Review
Recommendation
Consider fixing the inheritance tree to correctly account for all the supported interfaces or manually include all of them.