`setURI` is not ERC1155 compliant.
Summary
The [`OWPIdentity::setURI`](https://github.com/Cyfrin/2024-11-one-world/blob/1e872c7ab393c380010a507398d4b4caca1ae32b/contracts/OWPIdentity.sol#L23) is not ERC1155 compliant because this standard requires an event to be emitted whenever there is a change of URI but this contract emits no event
Vulnerability Details
Looking at `setURI`
we can see that after the URI is set there is no emitting of event to notify offchain protocols, this goes against the ERC1155 standard stated [here](https://eips.ethereum.org/EIPS/eip-1155)
The standard:
The optional
ERC1155Metadata_URIextension can be identified with the ERC-165 Standard Interface Detection.If the optional
ERC1155Metadata_URIextension is included:
The ERC-165
supportsInterfacefunction MUST return the constant valuetrueif0x0e89341cis passed through theinterfaceIDargument.Changes to the URI MUST emit the
URIevent if the change can be expressed with an event (i.e. it isn’t dynamic/programmatic).
As we can see from the code imports, this uses the openzeppelin implementation which makes use of all these components.
a similar issue was found on code4rena check [here](https://solodit.cyfrin.io/issues/m-5-erc1155bridgable-is-not-eip-1155-compliant-sherlock-flayer-git).
Impact
This makes the protocol non-compliant with the standard and can also cause issues with off-chain protocols to work incorrectly.
Tools Used
manual review
Recommendations
Introduce an event to be emitted whenever the URI is changed
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.