ArkProject: NFT Bridge
ArkProject
NFTBridge
60,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Lack of Unified Interface for ERC721 and ERC1155 Token Handling

bhanujangid

Description:

The Bridge.sol::withdrawTokens function currently implements separate logic paths for handling ERC721 and ERC1155 tokens. This approach results in code duplication and increases the overall complexity of the contract. By having distinct blocks of code for each token standard, the contract becomes harder to maintain and more prone to errors. A unified interface that abstracts common operations, such as minting and transferring tokens, would simplify the code, reduce redundancy, and ensure consistent handling of different token standards within the contract.

Impact:

  • Increased Complexity: The separation of logic for ERC721 and ERC1155 tokens adds unnecessary complexity to the contract, making it harder to understand, maintain, and audit.

  • Code Duplication: Maintaining separate code paths for different token standards can lead to duplication, which increases the likelihood of inconsistencies and bugs. For instance, any future changes or fixes to token handling logic would need to be implemented twice, once for each standard.

  • Potential for Errors: The increased complexity and duplication may introduce subtle bugs, especially if the logic for handling ERC721 and ERC1155 tokens diverges unintentionally over time. This could affect the reliability of the token bridging process and potentially lead to incorrect token transfers or minting operations.

  • Maintenance Overhead: Developers would need to manage and maintain multiple code paths, leading to higher maintenance costs and increased risk of introducing errors during updates or modifications.

Recommended Mitigation:

To address these issues and improve the robustness of the Bridge.sol::withdrawTokens function, the following steps are recommended:

  • Define a Unified Interface: Create a base interface, such as ITokenBridgeable, that abstracts common functions needed for token minting, transferring, and other operations. This interface should define the methods that are shared between ERC721 and ERC1155 tokens.

interface ITokenBridgeable {
function mintFromBridge(address to, uint256 tokenId) external;
function safeTransferFrom(address from, address to, uint256 tokenId) external;
}

  • Implement the Interface: Modify the existing ERC721 and ERC1155 contracts to implement this new interface, ensuring they provide consistent behavior when interacted with via the withdrawTokens function.

  • Refactor the Bridge.sol::withdrawTokens Function: Update the withdrawTokens function to use the unified interface. This will reduce code duplication, simplify the logic, and ensure consistent handling of both token standards.

ITokenBridgeable tokenCollection = ITokenBridgeable(collectionL1);
for (uint256 i = 0; i < req.tokenIds.length; i++) {
uint256 id = req.tokenIds[i];
bool wasEscrowed = _withdrawFromEscrow(ctype, collectionL1, req.ownerL1, id);
if (!wasEscrowed) {
tokenCollection.mintFromBridge(req.ownerL1, id);
}
}
Updates

Lead Judging Commences

n0kto Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational / Gas

Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.