The `Bridge` contract, which inherits from `StarklaneEscrow`, uses `safeTransferFrom` to receive ERC1155 tokens but fails to implement the required `ERC1155TokenReceiver` interface. This oversight can lead to failed token transfers and potential loss of user funds when attempting to bridge ERC1155 tokens.
In the `StarklaneEscrow` contract, the `_depositIntoEscrow` function uses `safeTransferFrom` for ERC1155 tokens.

The `safeTransferFrom` function in the ERC1155 standard requires the receiving contract to implement the `ERC1155TokenReceiver` interface, specifically the `onERC1155Received` function. However, the `Bridge` contract does not implement this interface, which will cause all ERC1155 token transfers to fail.
This vulnerability renders the bridge non-functional for ERC1155 tokens. Any attempt to bridge ERC1155 tokens will fail.
Manual code review
Implement the `ERC1155TokenReceiver` interface in the `Bridge` contract.
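One way to implement the recommended receiver hooks, as an added example that is not taken from the Starklane code base. The contract name `EscrowERC1155Receiver`, the error `UnexpectedERC1155Transfer` and the guard that only accepts transfers the escrow itself initiated are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Standard ERC-165 / ERC-1155 receiver interfaces, declared inline so the example is self-contained.
interface IERC165 {
    function supportsInterface(bytes4 interfaceId) external view returns (bool);
}

interface IERC1155Receiver is IERC165 {
    function onERC1155Received(address operator, address from, uint256 id, uint256 value, bytes calldata data)
        external returns (bytes4);
    function onERC1155BatchReceived(
        address operator, address from, uint256[] calldata ids, uint256[] calldata values, bytes calldata data
    ) external returns (bytes4);
}

// Hypothetical mixin an escrow contract could inherit (name is an assumption).
abstract contract EscrowERC1155Receiver is IERC1155Receiver {
    error UnexpectedERC1155Transfer();

    // An ERC-1155 token calls this hook after safeTransferFrom to a contract
    // and reverts the transfer unless this exact selector is returned.
    function onERC1155Received(address operator, address, uint256, uint256, bytes calldata)
        external view override returns (bytes4)
    {
        _requireSelfInitiated(operator);
        return IERC1155Receiver.onERC1155Received.selector;
    }

    function onERC1155BatchReceived(
        address operator, address, uint256[] calldata, uint256[] calldata, bytes calldata
    ) external view override returns (bytes4) {
        _requireSelfInitiated(operator);
        return IERC1155Receiver.onERC1155BatchReceived.selector;
    }

    // Advertise receiver support through ERC-165, as the ERC-1155 standard requires.
    function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
        return interfaceId == type(IERC1155Receiver).interfaceId
            || interfaceId == type(IERC165).interfaceId;
    }

    // Assumption: deposits are always pulled by the escrow itself, so operator == address(this).
    // Rejecting anything else keeps tokens pushed directly to the contract from being stranded.
    function _requireSelfInitiated(address operator) private view {
        if (operator != address(this)) revert UnexpectedERC1155Transfer();
    }
}
```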
```
compatibilities:
  Blockchains:
      - Ethereum/Starknet
  Tokens:
      - [ERC721](www.tokenstandard.com)
```

```
function depositTokens(
    uint256 salt,
    address collectionL1,
    snaddress ownerL2,
    uint256[] calldata ids,
    bool useAutoBurn
)
    external
    payable
{
    if (!Cairo.isFelt252(snaddress.unwrap(ownerL2))) {
        revert CairoWrapError();
    }
    if (!_enabled) {
        revert BridgeNotEnabledError();
    }

    CollectionType ctype = TokenUtil.detectInterface(collectionL1);
    if (ctype == CollectionType.ERC1155) {
@>      revert NotSupportedYetError();
    }
    …
}
```