From cc0426317052b1850b686f2fbbcf481520399735 Mon Sep 17 00:00:00 2001
From: Robb Walters
Date: Fri, 9 Jun 2023 09:00:16 -0700
Subject: [PATCH 1/3] Highlight Reentrancy Risk in IERC1155 SafeTransferFrom Function (#4283)
Co-authored-by: Francisco
---
 contracts/token/ERC1155/IERC1155.sol | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/contracts/token/ERC1155/IERC1155.sol b/contracts/token/ERC1155/IERC1155.sol
index d7e25a5b12e..3d2585d7e02 100644
--- a/contracts/token/ERC1155/IERC1155.sol
+++ b/contracts/token/ERC1155/IERC1155.sol
@@ -86,6 +86,11 @@ interface IERC1155 is IERC165 {
 /**
 * @dev Transfers `amount` tokens of token type `id` from `from` to `to`.
 *
+ * WARNING: This function can potentially allow a reentrancy attack when transferring tokens
+ * to an untrusted contract, when invoking {onERC1155Received} on the receiver.
+ * Ensure to follow the checks-effects-interactions pattern and consider employing
+ * reentrancy guards when interacting with untrusted contracts.
+ *
 * Emits a {TransferSingle} event.
 *
 * Requirements:
@@ -101,6 +106,12 @@ interface IERC1155 is IERC165 {
 /**
 * @dev xref:ROOT:erc1155.adoc#batch-operations[Batched] version of {safeTransferFrom}.
 *
+ *
+ * WARNING: This function can potentially allow a reentrancy attack when transferring tokens
+ * to an untrusted contract, when invoking {onERC1155Received} on the receiver.
+ * Ensure to follow the checks-effects-interactions pattern and consider employing
+ * reentrancy guards when interacting with untrusted contracts.
+ *
 * Emits a {TransferBatch} event.
 *
 * Requirements:
From e73f90fa9d42489b5e7df327738dad9cdad31b0b Mon Sep 17 00:00:00 2001
From: Pascal Marco Caversaccio
Date: Sun, 11 Jun 2023 21:38:31 +0200
Subject: [PATCH 2/3] Fix `IERC1155.safeBatchTransferFrom` documentation (#4340)
---
 contracts/token/ERC1155/IERC1155.sol | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
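Review bot: The WARNING added to the `safeTransferFrom` comment in the first hunk does not say whose code must apply the checks-effects-interactions pattern, so a reader cannot tell whether it addresses the token implementer or a contract that calls the transfer. The text itself says control passes to the receiver through {onERC1155Received}, so the exposure is to any contract that still has state to update once that hook runs. I would name that party and drop the "Ensure to follow" phrasing, for example `* WARNING: This function calls {onERC1155Received} on the receiver, which can call back into the token or the calling contract.` followed by `* Callers should finish their own state changes before this call, or use a reentrancy guard.` The same wording is added to `safeBatchTransferFrom` in the second hunk, and in both cases the doc comment and the function declaration continue outside the hunk.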
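Review bot: The second hunk adds an empty `+ *` line directly after the existing empty ` *` context line, so the `safeBatchTransferFrom` comment gets two consecutive blank comment lines before the WARNING, while the `safeTransferFrom` comment in the first hunk has one. Dropping the first added `+ *` line would keep the two doc blocks parallel. The comment block continues past the end of the hunk.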
diff --git a/contracts/token/ERC1155/IERC1155.sol b/contracts/token/ERC1155/IERC1155.sol
index 3d2585d7e02..16b2b71a3fa 100644
--- a/contracts/token/ERC1155/IERC1155.sol
+++ b/contracts/token/ERC1155/IERC1155.sol
@@ -108,7 +108,7 @@ interface IERC1155 is IERC165 {
 *
 *
 * WARNING: This function can potentially allow a reentrancy attack when transferring tokens
- * to an untrusted contract, when invoking {onERC1155Received} on the receiver.
+ * to an untrusted contract, when invoking {onERC1155BatchReceived} on the receiver.
 * Ensure to follow the checks-effects-interactions pattern and consider employing
 * reentrancy guards when interacting with untrusted contracts.
 *
From 08fd777f6d66369f7a6cbd2d64effda937ff9ce9 Mon Sep 17 00:00:00 2001
From: Pascal Marco Caversaccio
Date: Mon, 12 Jun 2023 11:00:35 +0200
Subject: [PATCH 3/3] Rename "`ecrecover` opcode" to "`ecrecover` precompile" in `ECDSA` (#4339)
---
 contracts/utils/cryptography/ECDSA.sol | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/contracts/utils/cryptography/ECDSA.sol b/contracts/utils/cryptography/ECDSA.sol
index efff6063c2f..b907abfc091 100644
--- a/contracts/utils/cryptography/ECDSA.sol
+++ b/contracts/utils/cryptography/ECDSA.sol
@@ -35,7 +35,7 @@ library ECDSA {
 * @dev Returns the address that signed a hashed message (`hash`) with
 * `signature` or error string. This address can then be used for verification purposes.
 *
- * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
+ * The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:
 * this function rejects them by requiring the `s` value to be in the lower
 * half order, and the `v` value to be either 27 or 28.
 *
@@ -74,7 +74,7 @@ library ECDSA {
 * @dev Returns the address that signed a hashed message (`hash`) with
 * `signature`. This address can then be used for verification purposes.
 *
- * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
+ * The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:
 * this function rejects them by requiring the `s` value to be in the lower
 * half order, and the `v` value to be either 27 or 28.
 *