DittoETH

Ditto
DeFi, Foundry, Oracle
55,000 USDC
Submission Details
Severity: low
Invalid

Incorrect return for `ERC721Facet::supportsInterface`

Summary

`ERC721Facet::supportsInterface` returns true for interfaces that are not supported.

Vulnerability Details

The Diamond.sol constructor registers 4 interface IDs in the DiamondStorage `supportedInterfaces` mapping.

File: contracts/Diamond.sol

```solidity
// adding ERC165 data
ds.supportedInterfaces[type(IERC165).interfaceId] = true;
ds.supportedInterfaces[type(IDiamondCut).interfaceId] = true;
ds.supportedInterfaces[type(IDiamondLoupe).interfaceId] = true;
ds.supportedInterfaces[type(IERC721).interfaceId] = true;
```

This mapping is only read in:

File: contracts/ERC721Facet.sol

```solidity
// This implements ERC-165 (copied from DiamondLoupeFacet.sol)
function supportsInterface(bytes4 _interfaceId) external view returns (bool) {
    LibDiamond.DiamondStorage storage ds = LibDiamond.diamondStorage();
    return ds.supportedInterfaces[_interfaceId];
}
```

Impact

This may lead inheriting or reading contracts to expect function calls to IDiamondCut and IDiamondLoupe functions to succeed, but they're not implemented.
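
Whether an advertised ERC-165 interface is actually backed by callable functions can be checked off-chain by comparing the claimed IDs with the selectors the contract routes. The following is an added example, not code from the submission or the project: the function names and both routing tables are constructed for illustration, and the selector values are the standard ones from ERC-165, ERC-721 and EIP-2535.

```python
from functools import reduce

# Standard 4-byte selectors per interface (ERC-165, EIP-2535, ERC-721).
INTERFACES = {
    "IERC165": [0x01FFC9A7],
    "IDiamondCut": [0x1F931C1C],
    "IDiamondLoupe": [0x7A0ED627, 0xADFCA15E, 0x52EF6B2C, 0xCDFFACC6],
    "IERC721": [0x70A08231, 0x6352211E, 0xB88D4FDE, 0x42842E0E, 0x23B872DD,
                0x095EA7B3, 0xA22CB465, 0x081812FC, 0xE985E9C5],
}


def interface_id(selectors):
    """ERC-165 interface ID: XOR of all function selectors in the interface."""
    return reduce(lambda a, b: a ^ b, selectors, 0)


def audit_claims(claimed_ids, routed_selectors):
    """Map each advertised interface to the selectors the contract does not route.

    Fully backed interfaces are omitted; an ID with no known selector set maps to None.
    """
    by_id = {interface_id(sels): (name, sels) for name, sels in INTERFACES.items()}
    routed = set(routed_selectors)
    findings = {}
    for iid in claimed_ids:
        if iid not in by_id:
            findings[f"0x{iid:08x}"] = None
            continue
        name, sels = by_id[iid]
        missing = sorted(set(sels) - routed)
        if missing:
            findings[name] = [f"0x{s:08x}" for s in missing]
    return findings


# The four IDs set to true in the Diamond.sol constructor shown above.
CLAIMED = [interface_id(s) for s in INTERFACES.values()]

# Constructed routing tables (not taken from the project):
# A = only ERC-165 and ERC-721 functions reachable, as the submission assumes.
ROUTED_A = INTERFACES["IERC165"] + INTERFACES["IERC721"]
# B = cut and loupe functions are also routed through other facets.
ROUTED_B = ROUTED_A + INTERFACES["IDiamondCut"] + INTERFACES["IDiamondLoupe"]

if __name__ == "__main__":
    print("A:", audit_claims(CLAIMED, ROUTED_A))
    print("B:", audit_claims(CLAIMED, ROUTED_B))
```

With table A the check reports IDiamondCut and IDiamondLoupe as advertised but unrouted; with table B it reports nothing, so the finding depends on which selectors the deployed diamond actually routes.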

Tools Used

Manual review.

Recommendations

Remove unsupported interfaces in ERC721Facet.sol:

File: contracts/Diamond.sol
// adding ERC165 data
ds.supportedInterfaces[type(IERC165).interfaceId] = true;
- ds.supportedInterfaces[type(IDiamondCut).interfaceId] = true;
- ds.supportedInterfaces[type(IDiamondLoupe).interfaceId] = true;
ds.supportedInterfaces[type(IERC721).interfaceId] = true;
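
Review bot: the two removed lines are in contracts/Diamond.sol, while the recommendation text names ERC721Facet.sol, so the description should name the file that is actually changed. The removal also alters the shared ds.supportedInterfaces mapping that supportsInterface reads, so it should be backed by a test showing that no facet of the diamond exposes the IDiamondCut and IDiamondLoupe functions; otherwise supportsInterface would return false for interfaces that are callable.
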
Updates

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
