Project

One World
NFT, DeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

`setURI` is not ERC1155 compliant.

Summary

[`OWPIdentity::setURI`](https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/OWPIdentity.sol#L23) is not ERC1155 compliant because the standard requires an event to be emitted whenever the URI changes, but this contract emits no event.

Vulnerability Details

Looking at `setURI`:

```solidity
function setURI(string memory newuri) public onlyRole(DEFAULT_ADMIN_ROLE) {
    _setURI(newuri);
}
```

we can see that after the URI is set, no event is emitted to notify off-chain protocols. This goes against the ERC1155 standard stated [here](https://eips.ethereum.org/EIPS/eip-1155).

The standard:

> The optional ERC1155Metadata_URI extension can be identified with the ERC-165 Standard Interface Detection.
>
> If the optional ERC1155Metadata_URI extension is included:
>
>   • The ERC-165 supportsInterface function MUST return the constant value true if 0x0e89341c is passed through the interfaceID argument.
>
>   • Changes to the URI MUST emit the URI event if the change can be expressed with an event (i.e. it isn’t dynamic/programmatic).

As we can see from the code imports, this contract uses the OpenZeppelin implementation, which makes use of all these components.

A similar issue was found on Code4rena; see [here](https://solodit.cyfrin.io/issues/m-5-erc1155bridgable-is-not-eip-1155-compliant-sherlock-flayer-git).

Impact

This makes the protocol non-compliant with the standard and can also cause off-chain protocols to work incorrectly.

Tools Used

Manual review

Recommendations

Introduce an event to be emitted whenever the URI is changed.

Updates

Lead Judging Commences

0xbrivan2 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
