[gms-1166] threat model for 1155 #148

Merged
merged 1 commit into from
Dec 6, 2023
2 changes: 0 additions & 2 deletions audits/202309-threat-model-preset-erc721.md
@@ -1,5 +1,3 @@
# Contract Factory Threat Model

## Introduction
This document is a thread model for two preset erc721 token contracts built by Immutable.

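Review bot: The context line `This document is a thread model for two preset erc721 token contracts built by Immutable.` still reads "thread model"; since this hunk already edits the top of the file, correct it to "threat model" here. The +/- markers are not visible in this view, but the header counts (5 lines down to 3) suggest the `# Contract Factory Threat Model` heading and the blank line after it are what was removed. That title did not match an ERC721 document, but dropping it leaves the file starting at `## Introduction` with no top-level heading, so replacing it with a correct title would be better than deleting it.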
42 changes: 42 additions & 0 deletions audits/202312-threat-model-preset-erc1155.md
@@ -0,0 +1,42 @@
## Introduction
This document is a thread model for the preset erc1155 token contracts built by Immutable.

This document encompasses information for all contracts under the [token](../contracts/token/erc1155) directory

## Context

The ERC1155 presets built by immutable were done with the requirements of supply tracking and permits

- Clients should be able to track how many tokens of a specific token id in a collection is in circulation

- Clients should be able to create permits for unapproved wallets to operate on their behalf

- Minting should be restricted to addresses that were granted the `minter` role.

- Only allow operators should be able to modify and assign roles to addresses for administering the collection on chain.

- Contracts should not be upgradeable to prevent external developers from getting around royalty requirements.


## Design and Implementation

### ImmutableERC1155
The ImmutableERC1155 extends OZ's `ERC1155Burnable` contract inheriting the public burn methods to be used by the client.
Permit is added to allow for Gasless transactions from the token owners.

#### Modifications From Base Implementation

- Added total supply tracking for each token id. This will be managed via the pre-transfer hook called by mint, burn and transfer methods
- Added Permits to allow unapproved wallets to become approved without the owner spending gas.
- Override `uri` to return `baseURI` field to keep in standard with ImmutableERC721
- Added `baseURI` to replace `uri` to encourage the usage of `baseURI`


## Attack Surfaces

ERC1155 only has `setApproveForAll` as it's approval method. Meaning any flow that requires a 3rd party to operator on a set of tokens owned by another wallet will grant the third party access to all of that specific wallet's tokens. The third party needs to be entirely trustworthy. The owner needs to be diligent on revoking unrestricted access when not needed.

We can consider implementing a more complicated approval schema if needed. i.e by token id or by token id and amount.

## Tests
`forge test` will run all the related tests.
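
Review bot: The `## Attack Surfaces` section analyses only operator approval, while `#### Modifications From Base Implementation` lists Permits, per-id supply tracking in the pre-transfer hook, and the Context section lists role-gated minting; none of these are covered as attack surfaces. Suggest adding entries for the permit path (what the signed message binds, how replay and expiry are handled, and the fact that a permit grants access to all of the owner's tokens because approval is all-or-nothing), for compromise or misassignment of the `minter` and admin roles, and for the supply-tracking invariant across mint, burn and transfer. In the same section, the ERC1155 function is `setApprovalForAll`, not `setApproveForAll`. The two `uri`/`baseURI` bullets read as contradictory (one overrides `uri`, the other says `baseURI` replaces it) and should be merged into one statement. Smaller wording fixes: "thread model" in the Introduction, "Only allow operators" in Context, "it's approval method" and "to operator on" in Attack Surfaces; the new file also has no top-level title.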