First Flight #9: Soulmate

Summary

Soulmate contract allows minting of NFT to soulmates but doesn't support transferring of NFT, and the Soulmate::transferFrom is overridden to always revert and doesn't support NFT transfers but other protocols interacting with Soulmate::supportsInterface will return wrong values as Soulmate contract doesn't support transferFrom.

Vulnerability Details

The Soulmate contract doesn't support the mandatory function of ERC721 contract and thus the actual interface id for Soulmate contract for ERC721 will not be 0x80ac58cd.

Thus, other protocol interacting with Soulmate contract by checking with Soulmate::supportsInterface will return true for interface id 0x80ac58cd but actually our Soulmate contract doesn't support the transferFrom function and all the other functions which are dependent on it, therefore the corresponding ERC721 interface id for Soulmate contract should be updated accordingly without considering the transferFrom function and other functions depending on it.

Impact

• Soulmate::supportsInterface will return true for interfaceId 0x80ac58cd even though transferFrom is not supported.

• Other protocol interacting with Soulmate contract will get wrong values when they call supportsInterface and they will face reverts as a result of getting incorrect values.

Tools Used

Manual Review

Recommendations

Override the supportsInterface function and change the interface id from 0x80ac58cd to 0x591d4bc0.
Here, the interface id 0x591d4bc0 is obtained by discarding the function transferFrom and the other functions which are dependent on it, which are:

• safeTransferFrom(address, address, uint256, bytes)

• safeTransferFrom(address, address, uint256)

Override the supportsInterface function inside Soulmate contract