Usage of idea proposal EIP-677 #34
Labels
bug: Something isn't working
downgraded by judge: Judge downgraded the risk level of this issue
grade-b
low quality report: This report is of especially low quality
QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Lines of code
https://github.com/code-423n4/2023-04-frankencoin/blob/f86279e76fd9f810d2a25243012e1be4191a547e/contracts/ERC20.sol#L161
https://github.com/code-423n4/2023-04-frankencoin/blob/f86279e76fd9f810d2a25243012e1be4191a547e/contracts/StablecoinBridge.sol#L75
https://github.com/code-423n4/2023-04-frankencoin/blob/f86279e76fd9f810d2a25243012e1be4191a547e/contracts/Equity.sol#L241
Vulnerability details
Impact
According to https://eips.ethereum.org/erc, the ERC-677 standard used in the project is not included in the Final, Last Call list of standards (This standard is an Idea and not a standard), which leads to the fact that a standard is used which has not been approved/deprecated or removed.
Consequences:
transferFromAndCall
Proof of Concept
Links to the code:
ERC20.sol#L161-L168
IERC677Receiver.sol
StablecoinBridge.sol
Equity.sol
Links on the resource side:
https://eips.ethereum.org/all
ERC: transferAndCall Token Standard ethereum/EIPs#677
https://eips.ethereum.org/EIPS/eip-1363
https://eips.ethereum.org/
Tools Used
Recommended Mitigation Steps
EIP-677 has been refined and now https://eips.ethereum.org/EIPS/eip-1363 has appeared, which can be used.