ERC-165 is not implemented by Nexus Smart Account
Summary
ERC-165 is not implemented by Nexus Smart Account.
Vulnerability Details
According to ERC-7579 Specification, smart accounts MUST implement ERC-165.
Smart accounts MUST implement ERC-165. However, for every interface function that reverts instead of implementing the functionality, the smart account MUST return false for the corresponding interface id.
However, ERC165.supportsInterface() function is not implemented by Nexus contract.
Impact
Medium.
Nexus contract is to be a strict implementation of ERC7579, and it is expected to implement the mandatory ERC165.supportsInterface() function, failing to do so may:
Hinder the interoperability for modules to be used across different smart accounts;
Hinder the interoperability for smart accounts to be used across different wallet applications and sdks;
Bring significant vendor lock-in for smart account users.
Tools Used
Manual Review
Recommendations
Implement ERC165.supportsInterface() function in Nexus contract.
Lead Judging Commences
finding-ERC7579-ERC165-non-compliant
The argument for medium severity here is the potential inconsistencies with external integrations that would like to query whether a contract supports the interface. The impact is arguable though, so would leave open for arguments during appeals period.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.