The README explicitly states that the code is meant to be ERC1155 compliant. Yet the carousel breaks that compliance by restricting safeBatchTransferFrom.
Vulnerability Detail
The safeBatchTransferFrom is not implemented and will always revert:
function safeBatchTransferFrom(
address, /*from*/
address, /*to*/
uint256[] memory, /*ids*/
uint256[] memory, /*amounts*/
bytes memory /*data*/
) public pure override {
revert();
}
This can break compatibility with other protocols that rely on the safeBatchTransferFrom function being available.
Impact
Breaking composability and compatibility with other protocols.
minhtrng
medium
Non ERC1155 compliance
Summary
The README explicitly states that the code is meant to be ERC1155 compliant. Yet the carousel breaks that compliance by restricting
safeBatchTransferFrom.Vulnerability Detail
The
safeBatchTransferFromis not implemented and will always revert:This can break compatibility with other protocols that rely on the safeBatchTransferFrom function being available.
Impact
Breaking composability and compatibility with other protocols.
Code Snippet
https://github.com/sherlock-audit/2023-03-Y2K/blob/ae7f210d8fbf21b9abf09ef30edfa548f7ae1aef/Earthquake/src/v2/Carousel/Carousel.sol#L225
Tool used
Manual Review
Recommendation
Implement the
safeBatchTransferFromfunction. If there are any issues arising from it, mitigate them in ways that dont break the EIP1155 standard.Duplicate of #15