The Cairo and Solidity bridge implementations do not use the `safe_transfer_from`/`safeTransferFrom` and `safe_mint`/`safeMint` functions, which can lead to the loss of NFTs if they are sent to smart contracts that do not support the ERC721 and ERC1155 receiver interfaces.
In the provided code:
Solidity Contracts: the `mintFromBridge` functions in the Solidity contracts use `_mint` directly instead of `safeMint`. This bypasses the checks that `safeMint` would typically perform to ensure that the recipient contract can handle the received tokens.
Cairo Contracts: the Cairo implementation uses `_mint` for minting operations and `transfer_from` for transferring tokens, neither of which checks for the ERC721 and ERC1155 receiver interfaces.
Transaction Failures: NFT transfers or mints to smart contracts that do not support the ERC721 or ERC1155 receiver interfaces will fail. This results in a loss of tokens if the recipient contract cannot handle the transfer properly.
Token Loss: NFTs sent to contracts that do not implement the necessary receiver functions may be lost forever, as they are not received by the intended destination and cannot be retrieved.
Reduced Usability: Users and developers may face issues when interacting with the bridge, as the expected functionality to transfer or mint tokens safely is not enforced.
Use Safe Transfer and Mint Functions: use the `safeTransferFrom` and `safeMint` functions (and their Cairo counterparts `safe_transfer_from` and `safe_mint`) in the Solidity and Cairo contracts so that tokens are only transferred or minted to contracts that can handle them properly.
Solidity Example:
Cairo Example:
Add Receiver Interface Checks: Ensure that the receiving contracts implement the necessary ERC721 and ERC1155 receiver interfaces before performing transfers or mints.
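The following Solidity contract is an added illustration, not the bridge's own code: it puts the unsafe `_mint` variant beside the `_safeMint` variant recommended above, together with a recipient that implements `IERC721Receiver` and one that does not. The collection name, the `bridge` address and the `onlyBridge` modifier are assumptions; the OpenZeppelin imports are the standard v5 paths.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";

// Hypothetical bridged collection (assumed name/symbol and bridge gate).
contract BridgedERC721 is ERC721 {
    address public immutable bridge;

    modifier onlyBridge() {
        require(msg.sender == bridge, "not bridge");
        _;
    }

    constructor(address bridge_) ERC721("Bridged", "BRG") {
        bridge = bridge_;
    }

    // Unsafe variant: _mint never calls onERC721Received, so a contract
    // recipient without receiver support ends up holding a token it cannot move.
    function mintFromBridgeUnsafe(address to, uint256 tokenId) external onlyBridge {
        _mint(to, tokenId);
    }

    // Safe variant: _safeMint reverts unless `to` is an EOA or a contract whose
    // onERC721Received returns the IERC721Receiver selector, so the bridge
    // message fails loudly instead of stranding the NFT.
    function mintFromBridge(address to, uint256 tokenId) external onlyBridge {
        _safeMint(to, tokenId);
    }
}

// Recipient that accepts safe mints and safeTransferFrom calls.
contract ReceiverVault is IERC721Receiver {
    function onERC721Received(address, address, uint256, bytes calldata)
        external pure override returns (bytes4)
    {
        return IERC721Receiver.onERC721Received.selector;
    }
}

// Recipient with no receiver hook: mintFromBridge to it reverts,
// mintFromBridgeUnsafe to it succeeds and the token is stuck.
contract NoReceiver {}
```

Deploying `BridgedERC721` in a test and calling both mint functions with a `ReceiverVault` and a `NoReceiver` address shows the difference: only the `_safeMint` path rejects the contract that cannot handle the token.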
Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.