Flow

Sablier
Foundry, DeFi
20,000 USDC
Submission Details
Severity: low
Valid

Sablier Flow is incompatible with ERC-4906

Summary

SablierFlow does not strictly follow the ERC-4906 standard.

Vulnerability Details

From [ERC-4906](https://eips.ethereum.org/EIPS/eip-4906), it can be seen that "The supportsInterface method MUST return true when called with 0x49064906."

However, in Sablier Flow's implementation, the supportsInterface function inherited from ERC721 is not overridden to return true when queried for 0x49064906. This makes the protocol not strictly compliant with ERC-4906.

A good example of a Sablier contract that does override this function is [`SablierV2Lockup`](https://github.com/sablier-labs/v2-core/blob/43cf7c9d968e61a5a03e9237a71a27165b125414/src/abstracts/SablierV2Lockup.sol#L209), where supportsInterface is overridden to be fully compliant with ERC-4906.

Impact

Not being fully compliant with ERC-4906 might lead to issues with certain NFT marketplaces, as they could require the Sablier Flow collection to return true when asked whether it supports the 0x49064906 interface.
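The ERC-165 detection sequence an integrator such as a marketplace or indexer would run, applied to a contract with and without the override. This is an added example, not Sablier's code: `BaseNFT`, `WithoutOverride`, `WithOverride` and `Erc4906Probe` are hypothetical names, and `BaseNFT` is a simplified stand-in for an ERC-721 base.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Sablier code. All contract names are hypothetical.
interface IERC165 {
    function supportsInterface(bytes4 interfaceId) external view returns (bool);
}

/// Stand-in for an ERC-721 base: it only advertises the interfaces it knows about.
contract BaseNFT is IERC165 {
    function supportsInterface(bytes4 interfaceId) public view virtual returns (bool) {
        return interfaceId == 0x01ffc9a7 // ERC-165
            || interfaceId == 0x80ac58cd; // ERC-721
    }
}

/// Declares the ERC-4906 event but inherits supportsInterface unchanged (the reported state).
contract WithoutOverride is BaseNFT {
    event MetadataUpdate(uint256 _tokenId);
}

/// Same contract with the recommended override.
contract WithOverride is BaseNFT {
    event MetadataUpdate(uint256 _tokenId);

    function supportsInterface(bytes4 interfaceId) public view override returns (bool) {
        return interfaceId == 0x49064906 || super.supportsInterface(interfaceId);
    }
}

/// ERC-165 detection: confirm ERC-165 itself, reject 0xffffffff, then ask for ERC-4906.
contract Erc4906Probe {
    function supportsErc4906(address nft) external view returns (bool) {
        return _query(nft, 0x01ffc9a7) && !_query(nft, 0xffffffff) && _query(nft, 0x49064906);
    }

    function _query(address nft, bytes4 id) private view returns (bool) {
        // 30,000 gas cap per ERC-165; a revert or short return counts as "not supported".
        (bool ok, bytes memory ret) =
            nft.staticcall{gas: 30_000}(abi.encodeCall(IERC165.supportsInterface, (id)));
        // Decode as uint256 so a non-canonical boolean cannot revert the probe.
        return ok && ret.length >= 32 && abi.decode(ret, (uint256)) != 0;
    }
}
```

`supportsErc4906` returns false for a deployed `WithoutOverride` and true for `WithOverride`, even though both declare the same event.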

Tools Used

Manual review

Recommendations

Update SablierFlowBase so that supportsInterface returns true when queried for the 0x49064906 interface:

abstract contract SablierFlowBase is
Adminable, // 1 inherited component
ISablierFlowBase, // 5 inherited component
ERC721 // 6 inherited components
{
...
+ function supportsInterface(bytes4 interfaceId) public view virtual override(IERC165, ERC721) returns (bool) {
+ return interfaceId == bytes4(0x49064906) || super.supportsInterface(interfaceId);
+ }
}
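
Review bot: the literal `bytes4(0x49064906)` on the added return line is an undocumented magic number, and the new function carries no NatSpec. ERC-4906 declares only events, so `type(IERC4906).interfaceId` cannot replace it; keep the literal but put it behind a named constant or a comment citing ERC-4906, and add a test asserting that `supportsInterface(0x49064906)` returns true. Also confirm that `override(IERC165, ERC721)` lists the bases that actually declare `supportsInterface`, since the visible inheritance list does not show where `IERC165` enters.
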
Updates

Lead Judging Commences

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Validated
Assigned finding tags:

EIP4906
