DeFi, Hardhat, Foundry
250,000 USDC
Submission Details
Severity: medium
Invalid

Non-Compliance with `ERC-4494` Specification Due to Missing Functions in `TokenSupportFacet.sol`

Summary

The TokenSupportFacet.sol file, which aims to implement the ERC-4494 specification for ERC-721 permits, is currently incomplete. It includes the permit function but is missing the required nonces and DOMAIN_SEPARATOR functions, leading to non-compliance with the ERC-4494 standard.

Vulnerability Details

According to the ERC-4494 specification, which is used for ERC-721 permits, smart contracts implementing it MUST add three new functions to ERC-721. These are:

```solidity
function permit(address spender, uint256 tokenId, uint256 deadline, bytes memory sig) external;
function nonces(uint256 tokenId) external view returns(uint256);
function DOMAIN_SEPARATOR() external view returns(bytes32);
```

Here, `nonces` returns the nonce of an NFT, which is needed when creating permits, and `DOMAIN_SEPARATOR` returns the domain separator used in the encoding of the signature for permits, as defined by EIP-712.
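How a caller uses the two view functions when preparing a permit, shown as an added example that is not code from the submission or the audited repository. `PermitDigestHelper` is a hypothetical name; the typehash and digest layout follow the ERC-4494 and EIP-712 texts.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// The three functions ERC-4494 adds to ERC-721, as listed above.
interface IERC4494 {
    function permit(address spender, uint256 tokenId, uint256 deadline, bytes memory sig) external;
    function nonces(uint256 tokenId) external view returns (uint256);
    function DOMAIN_SEPARATOR() external view returns (bytes32);
}

// Hypothetical helper (name and layout are assumptions for illustration).
contract PermitDigestHelper {
    // Struct type hash defined by ERC-4494. Note that the owner is not part of
    // the struct: the nonce is per tokenId, and the standard requires it to be
    // incremented on every transfer so that old permits stop verifying.
    bytes32 public constant PERMIT_TYPEHASH =
        keccak256("Permit(address spender,uint256 tokenId,uint256 nonce,uint256 deadline)");

    /// @notice Builds the EIP-712 digest the current owner of `tokenId` must sign.
    /// @dev Reverts if `token` does not expose nonces() or DOMAIN_SEPARATOR(),
    ///      which is how a missing function surfaces to an integrator.
    function permitDigest(
        IERC4494 token,
        address spender,
        uint256 tokenId,
        uint256 deadline
    ) external view returns (bytes32 digest, uint256 nonce) {
        require(deadline >= block.timestamp, "deadline already passed");

        // Current nonce for this NFT; a signature over a stale nonce is rejected.
        nonce = token.nonces(tokenId);

        bytes32 structHash = keccak256(
            abi.encode(PERMIT_TYPEHASH, spender, tokenId, nonce, deadline)
        );

        // "\x19\x01" || domainSeparator || hashStruct(message), per EIP-712.
        // The separator binds the signature to one contract on one chain.
        digest = keccak256(
            abi.encodePacked("\x19\x01", token.DOMAIN_SEPARATOR(), structHash)
        );
    }
}
```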

But `TokenSupportFacet.sol`, which implements this EIP, only has the `permit` function, while the `nonces` and `DOMAIN_SEPARATOR` functions are missing.

The permit function in TokenSupportFacet.sol is as follows:

TokenSupportFacet.sol#L65-L73

```solidity
function permitERC721(
    IERC4494 token,
    address spender,
    uint256 tokenId,
    uint256 deadline,
    bytes memory sig
) external payable fundsSafu noNetFlow noSupplyChange {
    token.permit(spender, tokenId, deadline, sig);
}
```

There is currently no implementation of the other two critical functions in the contract.

Impact

Medium: The contract is not compliant with the EIP-4494 specifications because it lacks implementations of the nonces and DOMAIN_SEPARATOR functions. This non-compliance can lead to issues with the intended functionality of ERC-721 permits and may cause integration problems with other systems that expect a fully compliant implementation.

Tools Used

Manual Review

Recommendations

Add implementations of the `nonces` and `DOMAIN_SEPARATOR` functions as specified in EIP-4494.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Appeal created

0xshoonya Submitter
11 months ago
inallhonesty Lead Judge
10 months ago
inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
