NFTBridge
60,000 USDC
Submission Details
Severity: low
Invalid

supporting IERC1155 in _depositIntoEscrow, _withdrawFromEscrow but not in depositTokens in "Bridge"

Summary

We are not supporting IERC1155 in depositTokens in Bridge.sol, but we are supporting it in Escrow.sol.

Vulnerability Details

    function _depositIntoEscrow(
        CollectionType collectionType,
        address collection,
        uint256[] memory ids
    )
        internal
    {
        assert(ids.length > 0);

        for (uint256 i = 0; i < ids.length; i++) {
            uint256 id = ids[i];

            if (collectionType == CollectionType.ERC721) {
                IERC721(collection).transferFrom(msg.sender, address(this), id);
            } else {
                // TODO: check the supply is exactly one.
                // (this is the low level call to verify if a contract has some function).
                // (but it's better to check with supported interfaces? It's 2 calls instead
                // of one where we control the fail.)
                //(bool success, bytes memory data) = contractAddress.call("");
    @>          IERC1155(collection).safeTransferFrom(msg.sender, address(this), id, 1, "");
            }

            _escrow[collection][id] = msg.sender;
        }
    }

    /**
       @notice Withdraw a token from escrow.

       @param collectionType The token type,
       @param collection Token collection address.
       @param to Owner withdrawing the token.
       @param id Token to be deposited.

       @return True if the token was into escrow, false otherwise.
     */
    function _withdrawFromEscrow(
        CollectionType collectionType,
        address collection,
        address to,
        uint256 id
    )
        internal
        returns (bool)
    {
        if (!_isEscrowed(collection, id)) {
            return false;
        }

        address from = address(this);

        if (collectionType == CollectionType.ERC721) {
            IERC721(collection).safeTransferFrom(from, to, id);
        } else {
            // TODO:
            // Check here if the token supply is currently 0.
    @>      IERC1155(collection).safeTransferFrom(from, to, id, 1, "");
        }

        _escrow[collection][id] = address(0x0);

        return true;
    }

Impact

Tools Used

Recommendations

Support the same token in both places, as we are reverting IERC1155 in Bridge.sol but accepting it in escrow.sol.

Updates

Lead Judging Commences

n0kto Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Out of scope
Assigned finding tags:

Informational / Gas

Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.
