Summary

TokenSupportFacet.sol aims to support ERC-721 token permits. However, it does not fully comply with the ERC-4494 specification for ERC-721 permits, as it lacks the required implementation of the supportsInterface function to check for the ERC-4494 interface.

Vulnerability Details

TokenSupportFacet.sol is used to Permit ERC-20 and ERC-721 tokens and transfer ERC-721 and ERC-1155 tokens.

To execute a permit for an ERC-721 token it uses the function permitERC721 from EIP-4494.

EIP-4494 which deals with ERC-721 token permits requires ERC-165 compliance and EIP-165 is already required in ERC-721 (Openzeppelin implementaion).

This allows for easy verification if an NFT contract has implemented this EIP, enabling appropriate interactions.

The issue is that EIP-4494 also states that contracts implementing this EIP MUST have the supportsInterface function return true when called with 0x5604e225, indicating support for this EIP. This function is missing in the current implementation.

Impact

Medium. As such contract is not compliant with ERC-4494 because it lacks the supportsInterface function which return true when called with the interface of this EIP. It can lead to issues with the intended functionality of ERC-721 permits

Tools Used

VS Code

Recommendations

Implement a supportsInterface(bytes4) function strictly according to EIP-4494 which returns true when called with 0x5604e225.