Hardhat, Foundry
30,000 USDC
Submission Details
Severity: medium
Valid

Missing `supportsInterface()` in Nexus accounts violates ERC-7579

Summary

Nexus accounts violate ERC-7579 as they do not have a supportsInterface() function.

Vulnerability Details

According to the contest README, Nexus accounts are compliant with ERC-7579:

> Nexus is a suite of contracts for Modular Smart Accounts compliant with ERC-7579 and ERC-4337

EIP-7579 states that all smart accounts must implement ERC-165:

> Smart accounts MUST implement ERC-165. However, for every interface function that reverts instead of implementing the functionality, the smart account MUST return false for the corresponding interface id.

However, the Nexus contract and its inherited contracts do not have a supportsInterface() function. This means that it does not implement ERC-165 and violates the EIP-7579 specification.

Impact

Nexus accounts violate the EIP-7579 specification and could break composability with external integrations. External integrations will call supportsInterface() expecting a boolean in return, but instead, the call will revert as the supportsInterface() function does not exist.

Recommendations

Add a supportsInterface() function in the Nexus contract.
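
The revert described under Impact can be absorbed on the integrator side by following the detection procedure from ERC-165 instead of calling supportsInterface() directly. The Solidity below is an added example, not code from Nexus or from this submission; `SafeERC165Probe`, `NoERC165Account`, `ERC165Account` and `ProbeDemo` are hypothetical names constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example: ERC-165 detection that tolerates accounts
/// with no supportsInterface() function (hypothetical library name).
library SafeERC165Probe {
    bytes4 private constant ERC165_ID = 0x01ffc9a7;  // supportsInterface(bytes4)
    bytes4 private constant INVALID_ID = 0xffffffff; // must never be reported as supported

    /// True only if `account` implements ERC-165 and reports `interfaceId`.
    function supports(address account, bytes4 interfaceId) internal view returns (bool) {
        return _query(account, ERC165_ID)      // step 1: claims ERC-165 itself
            && !_query(account, INVALID_ID)    // step 2: rejects the invalid id
            && _query(account, interfaceId);   // step 3: the interface we care about
    }

    /// One supportsInterface() query with the 30,000 gas limit from ERC-165.
    /// A revert, missing code or short return data all count as "false".
    function _query(address account, bytes4 id) private view returns (bool) {
        (bool ok, bytes memory ret) = account.staticcall{gas: 30_000}(
            abi.encodeWithSelector(ERC165_ID, id)
        );
        if (!ok || ret.length < 32) return false;
        return abi.decode(ret, (uint256)) != 0;
    }
}

/// Constructed stand-in for an account without supportsInterface():
/// no matching function and no fallback, so the call reverts.
contract NoERC165Account {}

/// Constructed stand-in for an account that follows the recommendation.
contract ERC165Account {
    function supportsInterface(bytes4 id) external pure returns (bool) {
        return id == 0x01ffc9a7;
    }
}

/// Hypothetical integrator contract exposing the probe.
contract ProbeDemo {
    function isERC165(address account) external view returns (bool) {
        // false for NoERC165Account, true for ERC165Account, never reverts
        return SafeERC165Probe.supports(account, 0x01ffc9a7);
    }
}
```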

Updates

Lead Judging Commences

0xnevi Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-ERC7579-ERC165-non-compliant

The argument for medium severity here is the potential inconsistencies with external integrations that would like to query whether a contract supports the interface. The impact is arguable though, so would leave open for arguments during appeals period.
