Token-0x

First Flight #54
Beginner Friendly, DeFi
100 EXP
Submission Details
Impact: low
Likelihood: low

ERC20 Contract Does Not Explicitly Inherit from IERC20 Interface

Author Revealed upon completion

Root + Impact

Description

  • Standard ERC-20 implementations (like OpenZeppelin) explicitly inherit from the IERC20 interface (contract ERC20 is IERC20).

    This ensures that the contract actually implements all functions required by the interface and signatures match exactly.

  • The ERC20 contract in src/ERC20.sol implements the functions required by the standard (transfer, approve, etc.) but does not declare "is IERC20" in its contract declaration.

// src/ERC20.sol
@> contract ERC20 is IERC20Errors, ERC20Internals { // Missing "is IERC20"

Risk

Likelihood:

  • The functions are present and public.


Impact:

  • Missing Compile-Time Checks: If a function signature in ERC20 is slightly wrong (e.g., transfer returning no value instead of bool), the compiler won't throw an error because it's not trying to match the IERC20 interface.

  • Integration Issues: Some smart contract tools or EIP-165 checks (if added later) might rely on explicit inheritance to verify compliance.
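
The missing compile-time check, as an added example (not code from the audited repository): IERC20Min, LooseToken, StrictToken and Integrator are hypothetical names, and the interface is a constructed two-function subset of ERC-20. It also shows what the signature mismatch costs at run time once a caller relies on the interface type.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed two-function subset of the ERC-20 interface (hypothetical name).
interface IERC20Min {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 value) external returns (bool);
}

// No "is IERC20Min": the compiler has nothing to compare against, so a
// transfer() that returns nothing compiles without any diagnostic.
contract LooseToken {
    mapping(address => uint256) public balanceOf;

    constructor() { balanceOf[msg.sender] = 100; }

    function transfer(address to, uint256 value) public {
        balanceOf[msg.sender] -= value;
        balanceOf[to] += value;
    }
}

// With "is IERC20Min", the LooseToken body above would be rejected at compile
// time because its transfer() does not return bool as the interface requires.
// Only the matching signature builds.
contract StrictToken is IERC20Min {
    mapping(address => uint256) public override balanceOf;

    constructor() { balanceOf[msg.sender] = 100; }

    function transfer(address to, uint256 value) public override returns (bool) {
        balanceOf[msg.sender] -= value;
        balanceOf[to] += value;
        return true;
    }
}

// An integrator that trusts the interface type. Once funded, pay() succeeds
// against StrictToken; against LooseToken the call reverts while decoding the
// missing bool, so the mismatch is only discovered at run time.
contract Integrator {
    function pay(address token, address to, uint256 value) external returns (bool) {
        return IERC20Min(token).transfer(to, value);
    }
}
```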


Proof of Concept

contract ERC20 is IERC20Errors, ERC20Internals { ... }

Recommended Mitigation

// src/ERC20.sol
- contract ERC20 is IERC20Errors, ERC20Internals {
+ contract ERC20 is IERC20, IERC20Errors, ERC20Internals {
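Review bot: the added line names IERC20 in the base list, but the hunk does not show a matching import in src/ERC20.sol; add one if the file does not already import the interface, otherwise the build fails on an undeclared identifier. After the change, rebuild and treat any new signature or override error from the compiler as the mismatch this declaration is meant to surface, and fix the function rather than the interface.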
