Missing `supportsInterface` Implementation for EIP-4906 Compliance in `SablierFlowBase` Contract
Summary
The SablierFlowBase contract fails to comply with EIP-4906 standards because it lacks an override of the supportsInterface function to return true for the EIP-4906 interface identifier 0x49064906. This omission prevents third-party platforms from correctly detecting and responding to metadata update events, which EIP-4906 aims to standardize.
Vulnerability Details
The SablierFlowBase contract includes metadata update events (MetadataUpdate and BatchMetadataUpdate), as required by EIP4906-specification. However, it does not implement the supportsInterface function to signal that it conforms to the EIP-4906 standard. According to EIP-4906 specifications, supportsInterface should return true for 0x49064906 to indicate compliance. Without this override, platforms checking for EIP-4906 compatibility will not detect the contract’s support for these metadata update events
Impact
Third-party applications or marketplaces querying the contract's interfaces will be unable to confirm its compliance with EIP-4906, potentially ignoring its metadata update events.
Failure to signal support for EIP-4906 results in a partial implementation of the standard, reducing the contract's utility within the ecosystem of compliant applications.
Tools Used
Manual Review
Recommendations
To achieve full EIP-4906 compliance, modify the contract to override the supportsInterface function, ensuring it returns true for the 0x49064906 interface ID, as shown below:
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.