Incorrect Function Call in StarklaneEscrow::_withdrawFromEscrow function, can lead to failure of the protocol
Summary
The incorrect function call for ERC1155 can cause the entire transfer process to fail or behave incorrectly, leading to unintended token transfers, transaction failures, and increased gas costs. This bug must be fixed to ensure that the function handles ERC721 and ERC1155 transfers correctly, according to the collectionType.
Vulnerability Details
The code block is incorrectly calling both ERC721 and ERC1155 transfer functions inside the same if condition. Specifically:
Impact
can cause the entire transfer process to fail or behave incorrectly
Tools Used
manual review
Recommendations
Fix the missing else statement for ERC1155
Lead Judging Commences
invalid-ERC1155-not-in-scope
```compatibilities: Blockchains: - Ethereum/Starknet Tokens: - [ERC721](www.tokenstandard.com) ``` ``` function depositTokens( uint256 salt, address collectionL1, snaddress ownerL2, uint256[] calldata ids, bool useAutoBurn ) external payable { if (!Cairo.isFelt252(snaddress.unwrap(ownerL2))) { revert CairoWrapError(); } if (!_enabled) { revert BridgeNotEnabledError(); } CollectionType ctype = TokenUtil.detectInterface(collectionL1); if (ctype == CollectionType.ERC1155) { @> revert NotSupportedYetError(); } … } ```
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.