Summary

The depositTokens function contains unnecessary logic for ERC-1155 token handling, even though ERC-1155 tokens are explicitly unsupported in the current version of the contract. The function includes code that tries to handle ERC-1155 metadata, but this code will never be reached because the function reverts with a NotSupportedYetError for ERC-1155 tokens earlier in the execution flow.

Vulnerability Details

At the beginning of the depositTokens function, a check is made to detect if the collectionL1 is of type ERC1155. If the token type is ERC-1155, the function will revert immediately with the NotSupportedYetError:

However, despite this early revert, there is code further down in the function that attempts to retrieve and process ERC-1155 metadata:

This code is effectively unreachable because the function will have already reverted due to the earlier check for ERC1155 tokens. As a result, the logic that deals with ERC-1155 tokens is redundant and unnecessarily increases the complexity of the function.

Impact

While this issue may not introduce immediate security risks, it leads to unnecessary complexity in the contract code, which could confuse developers and auditors. Additionally, maintaining unreachable code could increase the risk of future vulnerabilities if the function is extended or modified to support ERC-1155 tokens. It also adds unnecessary gas costs for deploying the contract, as this unreachable code increases the contract's size without serving any purpose.

Tools Used

Manual Code Review

Recommendations

The redundant ERC-1155 handling logic should be removed from the depositTokens function to simplify the code and avoid confusion. To ensure clarity in the function's behavior, consider adding a specific check to enforce that only ERC-721 tokens are supported. This additional check would explicitly state that any token types other than ERC-721 are not currently supported, preventing the function from handling other types accidentally or incorrectly.