Summary
ERC721Facet::supportsInterface returns true for interfaces that are not supported.
Vulnerability Details
The Diamond.sol constructor registers 4 interface ids in the DiamondStorage supportedInterfaces mapping:
File: contracts/Diamond.sol
ds.supportedInterfaces[type(IERC165).interfaceId] = true;
ds.supportedInterfaces[type(IDiamondCut).interfaceId] = true;
ds.supportedInterfaces[type(IDiamondLoupe).interfaceId] = true;
ds.supportedInterfaces[type(IERC721).interfaceId] = true;
This mapping is only read in:
File: contracts/ERC721Facet.sol
function supportsInterface(bytes4 _interfaceId) external view returns (bool) {
    LibDiamond.DiamondStorage storage ds = LibDiamond.diamondStorage();
    return ds.supportedInterfaces[_interfaceId];
}
Impact
Contracts that inherit from or read this contract may expect calls to IDiamondCut and IDiamondLoupe functions to succeed, but those functions are not implemented.
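An off-chain check for this class of mismatch, added here as an example and not part of the audited code base: it recomputes each ERC-165 id as the XOR of the interface's function selectors and flags registered ids whose functions the diamond does not route. The ROUTED set is a constructed assumption (only the ERC-721 functions plus supportsInterface are routed), and the names INTERFACES, CLAIMED, ROUTED, interface_id and unbacked_claims are hypothetical.

```python
from functools import reduce

# Function selectors per interface, from the ERC-165, ERC-721 and EIP-2535 definitions.
INTERFACES = {
    "IERC165": [0x01FFC9A7],        # supportsInterface(bytes4)
    "IDiamondCut": [0x1F931C1C],    # diamondCut((address,uint8,bytes4[])[],address,bytes)
    "IDiamondLoupe": [0x7A0ED627, 0xADFCA15E, 0x52EF6B2C, 0xCDFFACC6],
    "IERC721": [0x70A08231, 0x6352211E, 0xB88D4FDE, 0x42842E0E, 0x23B872DD,
                0x095EA7B3, 0xA22CB465, 0x081812FC, 0xE985E9C5],
}

def interface_id(selectors):
    """ERC-165 interface id: XOR of all function selectors in the interface."""
    return reduce(lambda a, b: a ^ b, selectors, 0)

# The four ids the Diamond.sol constructor sets to true (from the report).
CLAIMED = [interface_id(INTERFACES[n])
           for n in ("IERC165", "IDiamondCut", "IDiamondLoupe", "IERC721")]

# Constructed assumption: the diamond routes only ERC-721 and supportsInterface.
ROUTED = set(INTERFACES["IERC721"]) | set(INTERFACES["IERC165"])

def unbacked_claims(claimed_ids, routed_selectors):
    """Map each claimed interface to the selectors the diamond does not route."""
    by_id = {interface_id(s): (name, s) for name, s in INTERFACES.items()}
    findings = {}
    for iid in claimed_ids:
        if iid not in by_id:
            # An id we cannot map to known selectors cannot be verified.
            findings[f"0x{iid:08x}"] = ["unknown interface id"]
            continue
        name, selectors = by_id[iid]
        missing = [f"0x{s:08x}" for s in selectors if s not in routed_selectors]
        if missing:
            findings[name] = missing
    return findings

if __name__ == "__main__":
    for name, missing in unbacked_claims(CLAIMED, ROUTED).items():
        print(f"{name}: claimed via ERC-165 but not routed: {', '.join(missing)}")
```

In practice the routed selector set would be taken from the deployment's facet cuts rather than hard-coded.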
Tools Used
Manual review.
Recommendations
Remove unsupported interfaces in ERC721Facet.sol:
File: contracts/Diamond.sol
// adding ERC165 data
ds.supportedInterfaces[type(IERC165).interfaceId] = true;
- ds.supportedInterfaces[type(IDiamondCut).interfaceId] = true;
- ds.supportedInterfaces[type(IDiamondLoupe).interfaceId] = true;
ds.supportedInterfaces[type(IERC721).interfaceId] = true;
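Review bot: The file header on this hunk is contracts/Diamond.sol, while the recommendation sentence above it names ERC721Facet.sol; the recommendation should name Diamond.sol so the fix is applied to the constructor where these registrations are written. The two removed lines drop the IDiamondCut and IDiamondLoupe claims, which matches the finding, but nothing accompanies the change to confirm the result: add a test asserting that supportsInterface returns false for type(IDiamondCut).interfaceId and type(IDiamondLoupe).interfaceId and still returns true for type(IERC165).interfaceId and type(IERC721).interfaceId. If cut or loupe functions are added later, the registrations should return in the same change that adds those functions.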