ArkProject: NFT Bridge

ArkProject

NFTBridge

60,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Unimplemented function `erc1155Metadata`

0xrakesh_ummadi28

Summary

The erc1155Metadata function within the TokenUtil library is currently unimplemented, returning an empty string instead of providing meaningful metadata for ERC1155 tokens.

Vulnerability Details

Location : https://github.com/Cyfrin/2024-07-ark-project/blob/273b7b94986d3914d5ee737c99a59ec8728b1517/apps/blockchain/ethereum/src/token/TokenUtil.sol#L113

Code:
The issue is located in the erc1155Metadata function of the TokenUtil library:

function erc1155Metadata(

address collection

)

internal

view

returns (string memory)

{

return "";

}

Description:
The function is supposed to retrieve metadata from ERC1155 tokens. However, it is currently unimplemented and simply returns an empty string. This missing implementation means that any contract or application relying on this function will not be able to access the metadata of ERC1155 tokens.

Impact

The absence of metadata retrieval impacts the ability of applications to display token details. This can affect user experience and limit certain functionalities, such as viewing detailed information about ERC1155 tokens in user interfaces.

Tools Used

Manual Code Review

Recommendations

To properly implement the erc1155Metadata function, the following steps should be taken:

Use ERC165Checker to determine if the provided contract supports the IERC1155MetadataURI interface.
If the contract supports metadata, retrieve and return the base URI.
If the contract does not support the IERC1155MetadataURI interface, return an empty string or handle accordingly.

Corrected Code:

function erc1155Metadata(

address collection

)

internal

view

returns (string memory)

{

bool supportsMetadata = ERC165Checker.supportsInterface(

collection,

type(IERC1155MetadataURI).interfaceId

);

if (!supportsMetadata) {

return "";

} else {

// Retrieve the base URI for the ERC1155 token

return IERC1155MetadataURI(collection).uri(0);

}

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago

Submission Judgement Published

Invalidated

Reason: Out of scope

Assigned finding tags:

invalid-ERC1155-not-in-scope

```compatibilities: Blockchains: - Ethereum/Starknet Tokens: - [ERC721](www.tokenstandard.com) ``` ``` function depositTokens( uint256 salt, address collectionL1, snaddress ownerL2, uint256[] calldata ids, bool useAutoBurn ) external payable { if (!Cairo.isFelt252(snaddress.unwrap(ownerL2))) { revert CairoWrapError(); } if (!_enabled) { revert BridgeNotEnabledError(); } CollectionType ctype = TokenUtil.detectInterface(collectionL1); if (ctype == CollectionType.ERC1155) { @> revert NotSupportedYetError(); } … } ```

Prize pool breakdown

Total prize

60,000 USDC

nSLOC

2,301

26 USDC / LOC

High Medium

50,000 USDC

Low

5,500 USDC

Judges

4,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.