sorrynotsorry
high
The codebase uses openzeppelin-contracts@4.3.2 package which has ERC165 interface compatibility check bug.
ERC165Checker is a library used to query support of an interface declared via IERC165
.
ERC165Checker.supportsInterface
which is under is designed to always successfully return a boolean, and under no circumstance revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to revert, given a target contract that doesn't implement EIP-165 as expected, specifically if it returns a value other than 0 or 1.
ERC165 interface check may revert instead of returning false. The contracts that may be affected are those that use ERC165Checker to check for support for an interface and then handle the lack of support in a way other than reverting.
function supportsInterface(bytes4 interfaceId)
public
view
override(ERC721, AccessControl)
returns (bool)
{
return super.supportsInterface(interfaceId);
}
Manual Review
Upgrade @openzeppelin/contracts to version 4.7.1 or higher.