Bridging ERC1155 NFTs on l1 produces ERC721 NFTs on l2
Summary
The l1 bridge supports erc1155 bridging but the l2 bridge currently has no logic for minting erc1155 nfts.
Vulnerability Details
The line above allows depositing Erc20 and ERC1155 nfts on ethereum, but in the withdraw_autofroml1_ function on starknet the _ctype collection type is retrieved but never used to determint what kind of NFT is to be minted.
Therefore for every erc1155 bridged on l1 an erc721 is minted on l2, which can lead to a large number of dublicated NFTs and also render the core function of the NFTs invalid, i.e. if they are meant to be used as in-game items or collectibles.
Impact
NFTs intended usage and uniqueness is disrupted
Tools Used
Manual Review
Recommendations
Consider checking _ctype on starknet to determine what type of NFT is to be minted then add logic for minting ERC1155s into the contract.
Lead Judging Commences
invalid-ERC1155-not-in-scope
```compatibilities: Blockchains: - Ethereum/Starknet Tokens: - [ERC721](www.tokenstandard.com) ``` ``` function depositTokens( uint256 salt, address collectionL1, snaddress ownerL2, uint256[] calldata ids, bool useAutoBurn ) external payable { if (!Cairo.isFelt252(snaddress.unwrap(ownerL2))) { revert CairoWrapError(); } if (!_enabled) { revert BridgeNotEnabledError(); } CollectionType ctype = TokenUtil.detectInterface(collectionL1); if (ctype == CollectionType.ERC1155) { @> revert NotSupportedYetError(); } … } ```
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.