From 51b9dbde062bdbfba2b36d423c9b27960dd3186e Mon Sep 17 00:00:00 2001
From: Allan Almeida
Date: Thu, 13 Jun 2024 15:15:50 +1000
Subject: [PATCH] add functions
---
 .../202312-threat-model-preset-erc1155.md | 51 +++++++++++++++++++
 1 file changed, 51 insertions(+)
diff --git a/audits/token/202312-threat-model-preset-erc1155.md b/audits/token/202312-threat-model-preset-erc1155.md
index a403c6a6..9a25713a 100644
--- a/audits/token/202312-threat-model-preset-erc1155.md
+++ b/audits/token/202312-threat-model-preset-erc1155.md
@@ -56,6 +56,57 @@ Potential Attacks:
 - Compromised Offchain auth:
 - Since EIP4494 combined with EIP1271 relies on off chain signatures that are not standard to the ethereum signature scheme, user auth info can be compromised and be used to create valid EIP1271 signatures.
+### Externally Visible Functions
+
+An attacker could formulate an attack in which they send one or more transactions that execute one or more of these functions.
+
+Functions that _change_ state:
+| Name | Function Selector | Access Control |
+| ------------------------------------------------------------- | ----------------- | --------------------- |
+| burn(address,uint256,uint256) | f5298aca | None - permisionless |
+| burnBatch(address,uint256[],uint256[]) | 6b20c454 | None - permisionless |
+| grantMinterRole(address) | 3dd1eb61 | DEFAULT_ADMIN_ROLE |
+| grantRole(bytes32,address) | 2f2ff15d | DEFAULT_ADMIN_ROLE |
+| permit(address,address,bool,uint256,bytes) | d6b0b3f1 | None - permissionless |
+| renounceRole(bytes32,address) | 36568abe | None - permissionless |
+| revokeMinterRole(address) | 69e2f0fb | DEFAULT_ADMIN_ROLE |
+| revokeRole(bytes32,address) | d547741f | DEFAULT_ADMIN_ROLE |
+| safeBatchTransferFrom(address,address,uint256[],uint256[],bytes) | 2eb2c2d6 | allowlisted operator for non EOA's |
+| safeMint(address,uint256,uint256,bytes) | 5cfa9297 | MINTER_ROLE |
+| safeMintBatch(address,uint256[],uint256[],bytes) | c39dfed8 | MINTER_ROLE |
+| safeTransferFrom(address,address,uint256,uint256,bytes) | f242432a | allowlisted operator for non EOA's |
+| setApprovalForAll(address,bool) | a22cb465 | allowlisted operator for non EOA's |
+| setBaseURI(string) | 55f804b3 | DEFAULT_ADMIN_ROLE |
+| setContractURI(string) | 938e3d7b | DEFAULT_ADMIN_ROLE |
+| setDefaultRoyaltyReceiver(address,uint96) | 885e7a08 | DEFAULT_ADMIN_ROLE |
+| setNFTRoyaltyReceiver(uint256,address,uint96) | 439aed34 | MINTER_ROLE |
+| setNFTRoyaltyReceiverBatch(uint256[],address,uint96) | a7012816 | MINTER_ROLE |
+
+Functions that _do not change_ state:
+| Name | Function Selector | Access Control |
+| ------------------------------------------------------------- | ----------------- | --------------------- |
+| DEFAULT_ADMIN_ROLE() | a217fddf | None - permissionless |
+| DOMAIN_SEPARATOR() | 3644e515 | None - permissionless |
+| MINTER_ROLE() | d5391393 | None - permissionless |
+| balanceOf(address,uint256) | 00fdd58e | None - permissionless |
+| balanceOfBatch(address[],uint256[]) | 4e1273f4 | None - permissionless |
+| baseURI() | 6c0360eb | None - permissionless |
+| contractURI() | e8a3d485 | None - permissionless |
+| eip712Domain() | 84b0196e | None - permissionless |
+| exists(uint256) | 4f558e79 | None - permissionless |
+| getAdmins() | 31ae450b | None - permissionless |
+| getRoleAdmin(bytes32) | 248a9ca3 | None - permissionless |
+| getRoleMember(bytes32,uint256) | 9010d07c | None - permissionless |
+| getRoleMemberCount(bytes32) | ca15c873 | None - permissionless |
+| hasRole(bytes32,address) | 91d14854 | None - permissionless |
+| isApprovedForAll(address,address) | e985e9c5 | None - permissionless |
+| nonces(address) | 7ecebe00 | None - permissionless |
+| operatorAllowlist() | 29326f29 | None - permissionless |
+| royaltyInfo(uint256,uint256) | 2a55205a | None - permissionless |
+| supportsInterface(bytes4) | 01ffc9a7 | None - permissionless |
+| totalSupply(uint256) | bd85b039 | None - permissionless |
+| uri(uint256) | 0e89341c | None - permissionless |
+
 ## Tests
 `forge test` will run all the related tests.