Submission Details
Severity:
Incorrect return for `ERC721Facet::supportsInterface`
Summary
ERC721Facet::supportsInterface returns true for not supported interfaces.
Vulnerability Details
In Diamond.sol constructor, includes 4 interfaces id in the DiamondStorage supportedInterfaces mapping.
File: contracts/Diamond.sol
// adding ERC165 data
ds.supportedInterfaces[type(IERC165).interfaceId] = true;
ds.supportedInterfaces[type(IDiamondCut).interfaceId] = true;
ds.supportedInterfaces[type(IDiamondLoupe).interfaceId] = true;
ds.supportedInterfaces[type(IERC721).interfaceId] = true;
Which is only read from in:
File: contracts/ERC721Facet.sol
// This implements ERC-165 (copied from DiamondLoupeFacet.sol)
function supportsInterface(bytes4 _interfaceId) external view returns (bool) {
LibDiamond.DiamondStorage storage ds = LibDiamond.diamondStorage();
return ds.supportedInterfaces[_interfaceId];
}
Impact
This may make thing inheriting or reading contracts to expect function calls to IDiamondCut and IDiamondLoupe functions to succeed, but they're not implemented.
Tools Used
Manual review.
Recommendations
Remove unsupported interfaces in ERC721Facet.sol:
File: contracts/Diamond.sol
// adding ERC165 data
ds.supportedInterfaces[type(IERC165).interfaceId] = true;
- ds.supportedInterfaces[type(IDiamondCut).interfaceId] = true;
- ds.supportedInterfaces[type(IDiamondLoupe).interfaceId] = true;
ds.supportedInterfaces[type(IERC721).interfaceId] = true;
Prize pool breakdown
Total prize
55,000 USDC
nSLOC
3,36516 USDC / LOC
50,000 USDC
5,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.