NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

Incomplete Handling of ERC1155 Tokens in `bridge.sol::_depositIntoEscrow` Function

Description:

The `bridge.sol::_depositIntoEscrow` function currently includes a TODO message about ensuring that the supply of ERC1155 tokens is exactly one when depositing into escrow. Although the project documentation indicates that only ERC721 tokens are supported at this time, this TODO highlights an area that could be critical if support for ERC1155 tokens is added in the future. Proper handling of ERC1155 tokens, including checking their supply, is essential to prevent potential issues related to incorrect token balances during the escrow process.

Impact:

If ERC1155 token support is added in the future without addressing this TODO, the escrow process may incorrectly handle tokens with a supply greater than one. This could result in contract state inconsistencies, incorrect token deposits, or unexpected behavior during token withdrawal. Such issues may lead to user confusion and undermine the reliability of the token bridging process.

Recommended Mitigation:

To ensure the correct handling of ERC1155 tokens, implement the following changes:

if (collectionType == CollectionType.ERC721) {
IERC721(collection).transferFrom(msg.sender, address(this), id);
} else {
+ // Check that the supply is exactly one
+ uint256 balance = IERC1155(collection).balanceOf(msg.sender, id);
+ if (balance != 1) {
+ revert IncorrectSupplyError(); // Custom error indicating the supply is not one
+ }
IERC1155(collection).safeTransferFrom(msg.sender, address(this), id, 1, "");
}
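
Review bot: the added check in the else branch reads `IERC1155(collection).balanceOf(msg.sender, id)`, which is the caller's balance for that id, not the token's supply, so it does not enforce what its own comment ("Check that the supply is exactly one") says. An id with many units spread over many holders passes `balance != 1` for any holder who owns exactly one unit, while a holder of two units is rejected even though the following `safeTransferFrom` moves only one. If the intent is supply == 1, the check needs a supply source such as a `totalSupply(id)` view, which base ERC1155 does not define (it is an optional extension the collection would have to expose); otherwise the comment and the error name should say this is a balance check.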

Additionally, define a custom error for incorrect token supply:

+ error IncorrectSupplyError();

Implementing these changes will ensure that the escrow process correctly handles ERC1155 tokens, should support for them be introduced in the future.

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
Assigned finding tags:

invalid-ERC1155-not-in-scope

```
compatibilities:
  Blockchains:
    - Ethereum/Starknet
  Tokens:
    - [ERC721](www.tokenstandard.com)
```

```
function depositTokens(
    uint256 salt,
    address collectionL1,
    snaddress ownerL2,
    uint256[] calldata ids,
    bool useAutoBurn
)
    external
    payable
{
    if (!Cairo.isFelt252(snaddress.unwrap(ownerL2))) {
        revert CairoWrapError();
    }
    if (!_enabled) {
        revert BridgeNotEnabledError();
    }
    CollectionType ctype = TokenUtil.detectInterface(collectionL1);
    if (ctype == CollectionType.ERC1155) {
@>      revert NotSupportedYetError();
    }
    …
}
```
