Flow

Sablier
Foundry, DeFi
20,000 USDC
Submission Details
Severity: low
Valid

Missing EIP-4906 interface support in Flow NFT Implementation

Summary

The SablierFlowBase contract emits EIP-4906 metadata update events but fails to properly implement the EIP-4906 interface, specifically lacking the required supportsInterface(bytes4) function that should return true for interface ID 0x49064906. This prevents NFT marketplaces and other protocols from detecting the contract's metadata update capabilities.

Vulnerability Details

The SablierFlowBase contract inherits from ERC721 and uses EIP-4906 events for metadata updates:

    abstract contract SablierFlowBase is
        Adminable,
        ISablierFlowBase,
        ERC721
    {
        // Uses EIP-4906 events
        modifier updateMetadata(uint256 streamId) {
            _;
            emit MetadataUpdate({ _tokenId: streamId });
        }

        function setNFTDescriptor(...) {
            // ...
            emit BatchMetadataUpdate({ _fromTokenId: 1, _toTokenId: nextStreamId - 1 });
        }
    }

However, the contract doesn't implement the required supportsInterface(bytes4) function to signal EIP-4906 support. This function should return true for the EIP-4906 interface ID (0x49064906).

Impact

HIGH. Stream NFTs contain critical information that must stay updated:

  1. Stream status (STREAMING_SOLVENT, STREAMING_INSOLVENT, etc.)

  2. Current balance and withdrawal amounts

  3. Rate per second and duration details

  4. Covered/uncovered debt amounts

Without proper EIP-4906 interface support:

  • NFT marketplaces won't detect metadata update capabilities

  • Stream NFT displays may show stale data after state changes

  • Buyers might make decisions based on outdated stream information

  • Critical stream parameters (balance, status) might not refresh properly

This is especially problematic for transferable streams where accurate metadata is crucial for secondary market trading.

Likelihood

MEDIUM. This affects all transferable stream NFTs in the protocol, and the issue will manifest whenever:

  • Stream parameters are updated

  • Deposits or withdrawals occur

  • Stream status changes

  • NFTs are listed on marketplaces

Proof of Concept

Below is a pseudocode PoC:

    // Test to demonstrate missing interface support
    function testEIP4906Support() public {
        // Deploy SablierFlow
        SablierFlow flow = new SablierFlow(admin, descriptor);

        // Check EIP-4906 interface support
        bool supportsEIP4906 = flow.supportsInterface(0x49064906);
        assertEq(supportsEIP4906, false); // returns false today; should return true - @audit

        // Create and modify stream
        uint256 streamId = flow.create(...);
        flow.deposit(streamId, 100);

        // Marketplace integration would fail to detect metadata updates
    }

Recommendation

Implement EIP-4906 interface support in SablierFlowBase, as the EIP-4906 standard does:

    abstract contract SablierFlowBase is Adminable, ISablierFlowBase, ERC721 {
        function supportsInterface(bytes4 interfaceId)
            public
            view
            virtual
            override
            returns (bool)
        {
            return
                interfaceId == 0x49064906 || // EIP-4906
                super.supportsInterface(interfaceId);
        }
    }

This ensures:

  1. Proper interface detection by NFT marketplaces

  2. Accurate metadata updates for stream NFTs

  3. Compliance with EIP-4906 specification

  4. Better integration with third-party protocols

The fix is simple to implement and critical for the proper functioning of transferable stream NFTs in secondary markets.
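
How an integrator that gates metadata refreshes on ERC-165 detection sees the contract before and after the recommended override, as an added example that is not part of the submission or of Sablier's code. The two `eth_call` stand-ins are constructed, and the set of interface IDs the unpatched contract advertises is an assumption.

```python
# Added example: ERC-165 detection as an off-chain indexer would perform it.
# The "contracts" below are constructed stand-ins for eth_call, not Sablier code.

SUPPORTS_INTERFACE = bytes.fromhex("01ffc9a7")  # selector of supportsInterface(bytes4)
ERC165_ID = bytes.fromhex("01ffc9a7")
ERC721_ID = bytes.fromhex("80ac58cd")
ERC4906_ID = bytes.fromhex("49064906")           # ID quoted in the finding
INVALID_ID = bytes.fromhex("ffffffff")           # must never be reported as supported


def encode_call(interface_id: bytes) -> bytes:
    """ABI-encode supportsInterface(bytes4): selector + bytes4 right-padded to 32 bytes."""
    if len(interface_id) != 4:
        raise ValueError("interface ID must be 4 bytes")
    return SUPPORTS_INTERFACE + interface_id.ljust(32, b"\x00")


def decode_bool(ret: bytes) -> bool:
    """Decode a 32-byte ABI bool; empty or malformed return data means 'not supported'."""
    return len(ret) == 32 and int.from_bytes(ret, "big") == 1


def make_contract(advertised):
    """Constructed stand-in for eth_call on a contract advertising the given IDs."""
    def eth_call(calldata: bytes) -> bytes:
        if len(calldata) != 36 or calldata[:4] != SUPPORTS_INTERFACE:
            return b""  # unknown selector: modelled as empty return data
        return int(calldata[4:8] in advertised).to_bytes(32, "big")
    return eth_call


def supports(eth_call, interface_id: bytes) -> bool:
    """ERC-165 detection: confirm ERC-165 itself, reject 0xffffffff, then ask for the ID."""
    if not decode_bool(eth_call(encode_call(ERC165_ID))):
        return False
    if decode_bool(eth_call(encode_call(INVALID_ID))):
        return False
    return decode_bool(eth_call(encode_call(interface_id)))


def should_refresh_on_metadata_event(eth_call) -> bool:
    """Integrator policy: only act on MetadataUpdate events if EIP-4906 is advertised."""
    return supports(eth_call, ERC4906_ID)


# Assumption: without the override, only the inherited ERC-165/ERC-721 IDs are advertised.
before_fix = make_contract({ERC165_ID, ERC721_ID})
after_fix = make_contract({ERC165_ID, ERC721_ID, ERC4906_ID})
```

The same three-call sequence works against a live node by replacing the stand-in with a real `eth_call` to the stream NFT contract.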

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

EIP4906
