OpenZeppelin Contracts's ERC165Checker may revert instead of returning false
High severity
GitHub Reviewed
Published
Jul 20, 2022
in
OpenZeppelin/openzeppelin-contracts
•
Updated Jan 30, 2023
Description
Published to the GitHub Advisory Database
Jul 21, 2022
Reviewed
Jul 21, 2022
Published by the National Vulnerability Database
Jul 22, 2022
Last updated
Jan 30, 2023
Impact
ERC165Checker.supportsInterface
is designed to always successfully return a boolean, and under no circumstance revert. However, an incorrect assumption about Solidity 0.8'sabi.decode
allows some cases to revert, given a target contract that doesn't implement EIP-165 as expected, specifically if it returns a value other than 0 or 1.The contracts that may be affected are those that use
ERC165Checker
to check for support for an interface and then handle the lack of support in a way other than reverting.Patches
The issue was patched in 4.7.1.
References
OpenZeppelin/openzeppelin-contracts#3552
For more information
If you have any questions or comments about this advisory, or need assistance deploying the fix, email us at [email protected].
References