Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
code423n4Code4renaCODE423N4:2023-06-LUKSO-FINDINGS-ISSUES-102
HistoryJul 14, 2023 - 12:00 a.m.

Incorrect Interface ID for LSP0

2023-07-1400:00:00
Code4rena
github.com
5
vulnerability
impact
proof of concept
xor
standards
mitigation
JSON

Lines of code

Vulnerability details

Impact

The interface ID stated for LSP0 in LSP0Constants.sol and LIP-0 is 0x3e89ad98, which will affect related logics.

Proof of Concept

According to LIP-0, this ID is derived from the XOR of the following:

  • selector of batchCalls()
  • IDs of the following standards:
    • ERC725Y
    • ERC725X
    • LSP1-UniversalReceiver
    • ERC1271-isValidSignature
    • LSP14Ownable2Step
    • LSP17Extendable
    • LSP20CallVerification

However, the XOR of all of the above is 0x24871b3d. We note that if we remove the LSP20CallVerification standard, then we obtain the stated interface ID of 0x3e89ad98.

Tools Used

Manual

Recommended Mitigation Steps

Change the interface ID of LSP0 if the LSP20CallVerification standard is meant to be included.

Assessed type

Context

The text was updated successfully, but these errors were encountered:

All reactions

JSON