Beanstalk: The Finale

Beanstalk

DeFiHardhatFoundry

250,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Missing `supportsInterface(bytes4)` function to check for the `ERC-4494` interface in `TokenSupportFacet.sol`

0xshoonya

Summary

TokenSupportFacet.sol aims to support ERC-721 token permits. However, it does not fully comply with the ERC-4494 specification for ERC-721 permits, as it lacks the required implementation of the supportsInterface function to check for the ERC-4494 interface.

Vulnerability Details

TokenSupportFacet.sol is used to Permit ERC-20 and ERC-721 tokens and transfer ERC-721 and ERC-1155 tokens.

To execute a permit for an ERC-721 token it uses the function permitERC721 from EIP-4494.

function permitERC721(

IERC4494 token,

address spender,

uint256 tokenId,

uint256 deadline,

bytes memory sig

) external payable fundsSafu noNetFlow noSupplyChange {

token.permit(spender, tokenId, deadline, sig);

}

EIP-4494 which deals with ERC-721 token permits requires ERC-165 compliance and EIP-165 is already required in ERC-721 (Openzeppelin implementaion).

abstract contract ERC721 is Context, ERC165, IERC721, IERC721Metadata, IERC721Errors {

This allows for easy verification if an NFT contract has implemented this EIP, enabling appropriate interactions.

The issue is that EIP-4494 also states that contracts implementing this EIP MUST have the supportsInterface function return true when called with 0x5604e225, indicating support for this EIP. This function is missing in the current implementation.

Impact

Medium. As such contract is not compliant with ERC-4494 because it lacks the supportsInterface function which return true when called with the interface of this EIP. It can lead to issues with the intended functionality of ERC-721 permits

Tools Used

VS Code

Recommendations

Implement a supportsInterface(bytes4) function strictly according to EIP-4494 which returns true when called with 0x5604e225.

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

Informational/Gas

Invalid as per docs https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity

`supportInterface` not implemented for EIP4494

Appeal created

0xshoonya Submitter

over 1 year ago

inallhonesty Lead Judge

over 1 year ago

inallhonesty Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

Informational/Gas

Invalid as per docs https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity

`supportInterface` not implemented for EIP4494

Prize pool breakdown

Total prize

250,000 USDC

nSLOC

12,285

20 USDC / LOC

High Medium

220,000 USDC

Low

10,000 USDC

Judges

20,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.