Platform: Code4rena
Start Date: 01/04/2024
Pot Size: $120,000 USDC
Total HM: 11
Participants: 55
Period: 21 days
Judge: Picodes
Total Solo HM: 6
Id: 354
League: ETH
Rank: 40/55
Findings: 1
Award: $32.96
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: DadeKuma
Also found by: 0xStalin, 0xhacksmithh, 99Crits, Aymen0909, Bauchibred, CodeWasp, Dup1337, IllIllI, John_Femi, K42, KupiaSec, Naresh, Rhaydden, Rolezn, Sathish9098, Topmark, ZanyBonzy, albahaca, bareli, blockchainbuttonmasher, cheatc0d3, codeslide, crc32, d3e4, favelanky, grearlake, hihen, jasonxiale, jesjupyter, lanrebayode77, lirezArAzAvi, lsaudit, mining_mario, oualidpro, pfapostol, radin100, rbserver, sammy, satoshispeedrunner, slvDev, twcctop, zabihullahazadzoi
32.9585 USDC - $32.96
ERC1155Minimal.sol
Balance Underflow Risk:
The safeTransferFrom and safeBatchTransferFrom functions do not explicitly check for balance underflow, which could happen if someone tries to transfer more tokens than they have. Although Solidity 0.8.x and above include built-in underflow/overflow checks, it is good practice to ensure there's an appropriate balance before allowing the transfer.
ERC1155Holder as a Type Cast for to:
In both the safeTransferFrom and safeBatchTransferFrom functions, there is a potentially dangerous cast of the to address to ERC1155Holder, regardless of whether it is a valid contract that implements ERC1155Receiver. The right check would be to call the interface methods directly on to and ensure it implements onERC1155Received or onERC1155BatchReceived. The current implementation assumes that to is an ERC1155Holder contract or has the same interface, which may not be true. This could cause a revert or unexpected behavior if to does not implement the expected functions.
Missing Interface Check for ERC1155Receiver:
The supportsInterface function does not check for the ERC1155Receiver interface (0x4e2312e0), which it implicitly supports due to the implementation of the safeTransferFrom and safeBatchTransferFrom functions. When transferring tokens to a contract, that contract should support the ERC1155Receiver interface, and the supportsInterface function should return true for that interface ID.
Unsafe External Calls without Reentrancy Protection:
The calls to onERC1155Received and onERC1155BatchReceived could potentially lead to reentrancy attacks if the to contract is malicious. Consider using reentrancy guards like the OpenZeppelin's ReentrancyGuard to prevent such issues.
Incorrect to.code.length Check:
The checks for to.code.length != 0 are intended to determine if to is a contract. However, the correct way in Solidity to check if an address is a contract is to use to.code.length > 0 or to use Address.isContract(to) if you are using OpenZeppelin libraries.
Event on Minting to Smart Contracts:
The _mint function sends an event and then checks if to is a contract to call onERC1155Received. According to EIP-1155, external code should only be called after all internal state changes, including events, are completed. Thus, the event should be emitted after the call to the external contract.
Lack of Input Validation:
There are no checks that ensure the ids and amounts arrays provided to safeBatchTransferFrom have the same length, which is a requirement for batch transfers.
Unchecked Length in balanceOfBatch:
The balanceOfBatch function does not check if owners and ids are of equal length, which they should be according to the ERC1155 specification.
Documentation/Comment Issues:
There are minor issues with the documentation, such as missing @dev comments for balanceOf and isApprovedForAll. Consistent and thorough documentation helps with clarity and maintainability.
Please note that reviewing smart contract code requires more than analyzing the code manually. It generally involves running tests, static analysis tools, and possibly audits by professionals to identify potential security issues.
#0 - c4-judge
2024-04-26T17:16:53Z
Picodes marked the issue as grade-b