NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

Critical Bug Identified in StarklaneEscrow Contract: Inability to Handle ERC1155 Token Transfers

Summary

During fuzz testing of the StarklaneEscrow contract, a significant bug was identified. The contract failed to handle ERC1155 token transfers correctly, reverting with the message "ERC1155: transfer to non-ERC1155Receiver implementer." This indicates that the StarklaneEscrow contract does not implement the necessary IERC1155Receiver interface, causing all ERC1155 token transfers to fail.

Vulnerability Details

The StarklaneEscrow contract does not implement the IERC1155Receiver interface, which is required to handle incoming ERC1155 token transfers. Without this implementation, the contract reverts any attempt to transfer ERC1155 tokens to it.

The root cause of the issue is the missing implementation of the IERC1155Receiver interface in the StarklaneEscrow contract. This interface defines the necessary functions (onERC1155Received and onERC1155BatchReceived) that a contract must implement to accept ERC1155 tokens.

Proof of Concept (POC)

Here is the Proof of Concept (POC) from the fuzz test that identified the bug:

```solidity
// Test function to validate ERC1155 handling
function testFuzzERC1155Handling(uint256 amount) public {
    vm.assume(amount > 0 && amount <= 10); // Ensure valid minting amount
    uint256 initialBalance = erc1155.balanceOf(user, erc1155Id);
    vm.startPrank(user);
    erc1155.setApprovalForAll(address(escrow), true);
    erc1155.safeTransferFrom(user, address(escrow), erc1155Id, amount, "0x");
    vm.stopPrank();
    uint256 escrowBalance = erc1155.balanceOf(address(escrow), erc1155Id);
    uint256 userBalance = erc1155.balanceOf(user, erc1155Id);
    // Assert the balances
    assertEq(
        escrowBalance,
        amount,
        "Escrow contract should hold the transferred amount of ERC1155 tokens"
    );
    assertEq(
        userBalance,
        initialBalance - amount,
        "User's balance should be reduced by the transferred amount"
    );
}
```

Error Message

```
[FAIL. Reason: revert: ERC1155: transfer to non-ERC1155Receiver implementer; counterexample: calldata=0x048fe5b10000000000000000000000000000000000000000000000000000000000000003 args=[3]] testFuzzERC1155Handling(uint256) (runs: 0, μ: 0, ~: 0)
```

Impact

The impact of this bug is high as it prevents all ERC1155 token transfers to the StarklaneEscrow contract from succeeding. This means the escrow functionality for ERC1155 tokens is completely non-functional until the issue is resolved. Users attempting to deposit ERC1155 tokens into the escrow will encounter failed transactions, leading to a poor user experience and potential functionality gaps in the protocol.

High Severity

Given the complete failure to handle incoming ERC1155 token transfers, and the core functionality of an escrow system being affected, this issue is classified as high severity. It blocks a major feature and can severely impair the operations relying on ERC1155 tokens.

Tools Used

Foundry

Recommendations

  1. Implement IERC1155Receiver Interface:

    • The StarklaneEscrow contract should be updated to implement the IERC1155Receiver interface. This includes adding the necessary functions (onERC1155Received and onERC1155BatchReceived) to handle incoming ERC1155 token transfers.
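The callback mechanism behind the revert string in the PoC output, shown from both sides as an added example (not part of the submission or of the Starklane code base). The token-side check is modeled on the acceptance check in OpenZeppelin Contracts 4.x `ERC1155`, which uses the same revert string; `AcceptanceCheckSketch` and `EscrowReceiverSketch` are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: names ending in "Sketch" are hypothetical, not Starklane code.
interface IERC1155Receiver {
    function onERC1155Received(address operator, address from, uint256 id, uint256 value, bytes calldata data)
        external returns (bytes4);
    function onERC1155BatchReceived(address operator, address from, uint256[] calldata ids,
        uint256[] calldata values, bytes calldata data) external returns (bytes4);
}

// Token side: the acceptance check a safe transfer runs when the recipient is a contract.
// A recipient without the hook lands in the bare `catch`, producing the PoC's revert string.
abstract contract AcceptanceCheckSketch {
    function _checkReceiver(address operator, address from, address to, uint256 id, uint256 value, bytes memory data)
        internal
    {
        if (to.code.length == 0) return; // externally owned accounts are not called back
        try IERC1155Receiver(to).onERC1155Received(operator, from, id, value, data) returns (bytes4 response) {
            if (response != IERC1155Receiver.onERC1155Received.selector) {
                revert("ERC1155: ERC1155Receiver rejected tokens");
            }
        } catch Error(string memory reason) {
            revert(reason);
        } catch {
            // Recipient has no matching function, or reverted without a reason string
            revert("ERC1155: transfer to non-ERC1155Receiver implementer");
        }
    }
}

// Recipient side: the two hooks from the recommendation, plus ERC-165 advertisement.
contract EscrowReceiverSketch is IERC1155Receiver {
    function onERC1155Received(address, address, uint256, uint256, bytes calldata) external pure returns (bytes4) {
        return IERC1155Receiver.onERC1155Received.selector;
    }
    function onERC1155BatchReceived(address, address, uint256[] calldata, uint256[] calldata, bytes calldata)
        external pure returns (bytes4)
    {
        return IERC1155Receiver.onERC1155BatchReceived.selector;
    }
    function supportsInterface(bytes4 interfaceId) external pure returns (bool) {
        return interfaceId == type(IERC1155Receiver).interfaceId || interfaceId == 0x01ffc9a7; // ERC-165 id
    }
}
```

Adding the hooks only makes a contract a valid ERC1155 recipient; the `depositTokens` path quoted in the judging section still reverts with `NotSupportedYetError` for ERC1155 collections.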

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
Assigned finding tags:

invalid-ERC1155-not-in-scope

```
compatibilities:
  Blockchains:
    - Ethereum/Starknet
  Tokens:
    - [ERC721](www.tokenstandard.com)
```

```
function depositTokens(
    uint256 salt,
    address collectionL1,
    snaddress ownerL2,
    uint256[] calldata ids,
    bool useAutoBurn
)
    external
    payable
{
    if (!Cairo.isFelt252(snaddress.unwrap(ownerL2))) {
        revert CairoWrapError();
    }
    if (!_enabled) {
        revert BridgeNotEnabledError();
    }
    CollectionType ctype = TokenUtil.detectInterface(collectionL1);
    if (ctype == CollectionType.ERC1155) {
@>      revert NotSupportedYetError();
    }
    …
}
```
