ArkProject: NFT Bridge

Summary

The Cairo bridge implementation does not implement the ERC721 and ERC1155 receiver interfaces, which can result in reverted transactions when attempting to use safe_mint or safe_transfer_from to send NFTs to the bridge.

The chosen severity is medium, consistent with the Solidity bot report that identified a similar issue in the Solidity contracts.

Vulnerability Details

The Cairo bridge lacks the required implementations of the erc721_receiver.cairo and erc1155_receiver.cairo interfaces, which define the necessary functions (on_erc721_received and on_erc1155received) to handle incoming NFT transfers correctly. When a contract that does not implement these interfaces receives tokens via safe_mint or safe_transfer_from, the transfer will be reverted because the token contract checks for the appropriate receiver implementation. This vulnerability can prevent users from successfully transferring NFTs to the bridge, hindering its functionality and usability.

Impact

1. Transaction Failures: Users attempting to transfer NFTs to the bridge using safe transfer methods will encounter failed transactions, resulting in a poor user experience.

2. Limited Functionality: The bridge will be unable to accept ERC721 and ERC1155 tokens, limiting its utility and potential for integration with other applications and ecosystems.

3. Loss of Trust: Users may lose confidence in the bridge's reliability if they experience consistent transaction failures when interacting with it.

Recommendations

1. Implement ERC721 and ERC1155 Receiver Interfaces: Add implementations of the erc721_receiver and erc1155_receiver interfaces to the Cairo bridge contract to ensure it can properly receive NFTs.

2. Test Token Transfers: After implementing the interfaces, conduct thorough testing to ensure that the bridge can accept both ERC721 and ERC1155 tokens without transaction failures.