Not compliant with ERC-7579 because of missing ERC-165 Implementation
Lines of code
https://github.com/Cyfrin/2024-07-biconomy/blob/9590f25cd63f7ad2c54feb618036984774f3879d/contracts/Nexus.sol#L1-L552
Impact
The absence of ERC-165 implementation means that other contracts and off-chain services cannot programmatically verify that the Nexus contract supports the required interfaces. This can lead to interoperability issues and hinder the integration of the Nexus contract with other systems that rely on interface detection.
Proof of Concept
The Nexus contract is designed to handle modular smart accounts compliant with ERC-7579 and ERC-4337 standards. However, it currently lacks the implementation of the ERC-165 standard, which is a requirement for ERC-7579 compliance. ERC-165 provides a standard method to publish and detect what interfaces a smart contract implements.
Example:
A user or another contract attempts to verify if the
Nexuscontract supports a specific interface using thesupportsInterfacemethod.Since the
Nexuscontract does not implementsupportsInterface, the call fails, returning false or reverting.This failure prevents the user or contract from confirming the
Nexuscontract's capabilities, leading to potential integration failures.
Recommended Mitigation Steps
Implement the supportsInterface method as specified in ERC-165. This method should return true for the interface IDs of all interfaces that the Nexus contract supports, including ERC-165 itself.
Lead Judging Commences
finding-ERC7579-ERC165-non-compliant
The argument for medium severity here is the potential inconsistencies with external integrations that would like to query whether a contract supports the interface. The impact is arguable though, so would leave open for arguments during appeals period.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.