Assumption of Tokens standard to be erc1155
Summary
The function depositTokens assumes that any non-ERC-721 token is an ERC-1155 token without explicitly checking for other possible standards, such as ERC-2981.
Vulnerability Details
The code uses the TokenUtil.detectInterface function to determine the type of token standard (ERC-721 or ERC-1155) for the collectionL1 contract. However, it only checks if the detected type is ERC-721 and proceeds to handle all other cases as if they were ERC-1155 tokens.
The code does not explicitly check for ERC-1155 and assumes that any non-ERC-721 token can be handled using ERC-1155 methods. This could lead to errors, such as attempting to retrieve ERC-1155 metadata for a token that does not conform to the ERC-1155 standard.
Impact
Attempting to retrieve metadata for an ERC-1155 token when the token is not actually ERC-1155 could cause the function to revert.
Tools Used
Manual Code Review
Recommendations
Modify the code to explicitly check if the ctype is ERC-1155 before handling it. If the ctype is neither ERC-721 nor ERC-1155, the function should revert with an appropriate error.
Lead Judging Commences
invalid-tokens-with-other-standards-will-be-treated-like-ERC1155
No impact on the bridge or the users. If any NFT protocol use another standard with that bridge, they have to know how the bridge works and also that it doesn’t work with other standards at the moment.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.