NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

Attackers can bypass ERC1155 metadata checks in `TokenUtil::erc1155Metadata()`

Summary

Vulnerability Detail

The TokenUtil library provides utility functions for handling different token standards, including ERC721 and ERC1155. One of its key functions is erc1155Metadata(), which is intended to retrieve metadata from ERC1155 tokens. However, the current implementation of this function is severely flawed, potentially allowing attackers to bypass important checks and manipulate the metadata retrieval process.

The erc1155Metadata() function is designed to check if a given collection address supports the ERC1155 metadata interface and then return the appropriate metadata. However, the current implementation always returns an empty string, regardless of the input:

```solidity
function erc1155Metadata(
    address collection
)
    internal
    view
    returns (string memory)
{
    return "";
    // ... commented out code ...
}
```

This implementation effectively nullifies any checks or validations that should be performed on the ERC1155 token contract. As a result, any system relying on this function to validate or retrieve ERC1155 metadata will receive an empty string, potentially leading to incorrect assumptions about the token's properties or capabilities.

Impact

The impact of this issue is significant. Systems relying on the erc1155Metadata() function to validate or retrieve ERC1155 token metadata will receive no useful information, potentially leading to:

  1. Incorrect validation of ERC1155 tokens, allowing non-compliant or malicious contracts to be treated as valid ERC1155 tokens.

  2. Failure to retrieve essential metadata, which could affect token display, functionality, or integration with other systems.

Tools Used

Manual review

Recommended Mitigation Steps

The erc1155Metadata() function should be properly implemented to perform the necessary checks and retrieve the actual metadata. Here's a suggested fix:

```solidity
function erc1155Metadata(
    address collection,
    uint256 tokenId
)
    internal
    view
    returns (string memory)
{
    bool supportsMetadata = ERC165Checker.supportsInterface(
        collection,
        type(IERC1155MetadataURI).interfaceId
    );
    if (!supportsMetadata) {
        return "";
    } else {
        IERC1155MetadataURI metadataContract = IERC1155MetadataURI(collection);
        return metadataContract.uri(tokenId);
    }
}
```

This implementation:

  1. Checks if the contract supports the IERC1155MetadataURI interface.

  2. If supported, it retrieves and returns the URI for the specified token ID.

  3. If not supported, it returns an empty string, maintaining the current behavior for non-compliant contracts.
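The following is an added, self-contained illustration of the recommended pattern; it is not NFTBridge code and not part of the original submission. It assumes OpenZeppelin Contracts v5 at the usual `@openzeppelin/contracts` import paths; the library name `Erc1155MetadataExample`, the demo contract and the three collection doubles are hypothetical names chosen for this example. It goes one step beyond the suggested fix by wrapping `uri()` in `try`/`catch`, so a collection that passes the ERC165 check but reverts inside its metadata getter cannot block the caller.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example; not NFTBridge code. Import paths assume OpenZeppelin Contracts v5
// installed under @openzeppelin/contracts.
import {ERC165Checker} from "@openzeppelin/contracts/utils/introspection/ERC165Checker.sol";
import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
import {IERC1155MetadataURI} from "@openzeppelin/contracts/token/ERC1155/extensions/IERC1155MetadataURI.sol";
import {Strings} from "@openzeppelin/contracts/utils/Strings.sol";

/// Hypothetical stand-in for TokenUtil.erc1155Metadata (name chosen for this example).
library Erc1155MetadataExample {
    /// Returns uri(tokenId) when `collection` advertises IERC1155MetadataURI through
    /// ERC165, and "" otherwise. Also returns "" when uri() reverts, so an untrusted
    /// collection cannot make the caller revert from inside its metadata getter.
    function erc1155Metadata(address collection, uint256 tokenId)
        internal
        view
        returns (string memory)
    {
        // ERC165Checker issues bounded staticcalls: EOAs and contracts without a
        // supportsInterface() function yield false instead of reverting.
        bool supportsMetadata = ERC165Checker.supportsInterface(
            collection,
            type(IERC1155MetadataURI).interfaceId
        );
        if (!supportsMetadata) {
            return "";
        }
        try IERC1155MetadataURI(collection).uri(tokenId) returns (string memory u) {
            return u;
        } catch {
            return "";
        }
    }
}

/// Constructed test double: advertises IERC1155MetadataURI and serves a URI per id.
contract CompliantCollection {
    function supportsInterface(bytes4 id) external pure returns (bool) {
        return id == type(IERC165).interfaceId || id == type(IERC1155MetadataURI).interfaceId;
    }

    function uri(uint256 id) external pure returns (string memory) {
        return string.concat("ipfs://example-cid/", Strings.toString(id), ".json");
    }
}

/// Constructed test double: advertises the interface but reverts inside uri().
contract HostileCollection {
    function supportsInterface(bytes4 id) external pure returns (bool) {
        return id == type(IERC165).interfaceId || id == type(IERC1155MetadataURI).interfaceId;
    }

    function uri(uint256) external pure returns (string memory) {
        revert("uri() disabled");
    }
}

/// Constructed test double: no ERC165 support at all (no functions, no fallback).
contract PlainContract {}

/// Deploys the three doubles and exercises the library; callable from Remix or a Foundry test.
contract Erc1155MetadataDemo {
    function run()
        external
        returns (string memory compliant, string memory hostile, string memory plain)
    {
        compliant = Erc1155MetadataExample.erc1155Metadata(address(new CompliantCollection()), 7);
        hostile = Erc1155MetadataExample.erc1155Metadata(address(new HostileCollection()), 7);
        plain = Erc1155MetadataExample.erc1155Metadata(address(new PlainContract()), 7);
    }
}
```

Calling `Erc1155MetadataDemo.run()` exercises the three paths the submission's fix must cope with: a compliant collection yields its token URI, a collection that passes the ERC165 probe but reverts in `uri()` yields an empty string instead of propagating the revert, and a contract with no `supportsInterface()` at all is reported as unsupported without reverting. The `try`/`catch` is the part a bridge should not omit: a collection address is attacker-controlled input, and a metadata getter that reverts on demand is a cheap way to make any caller that trusts the ERC165 answer alone fail.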

Updates

Lead Judging Commences

n0kto Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
Assigned finding tags:

invalid-ERC1155-not-in-scope

```
compatibilities:
  Blockchains:
    - Ethereum/Starknet
  Tokens:
    - [ERC721](www.tokenstandard.com)
```

```solidity
function depositTokens(
    uint256 salt,
    address collectionL1,
    snaddress ownerL2,
    uint256[] calldata ids,
    bool useAutoBurn
)
    external
    payable
{
    if (!Cairo.isFelt252(snaddress.unwrap(ownerL2))) {
        revert CairoWrapError();
    }

    if (!_enabled) {
        revert BridgeNotEnabledError();
    }

    CollectionType ctype = TokenUtil.detectInterface(collectionL1);

    if (ctype == CollectionType.ERC1155) {
@>      revert NotSupportedYetError();
    }
    …
}
```
