
feat: ERC-20/721/1155 standard compliance checker rule set #11

@Nanle-code

Overview

Incorrect ERC token standard implementation is a major source of integration bugs and security vulnerabilities. Missing return values, wrong event signatures, and missing reentrancy guards on ERC-777 hooks have caused significant losses. ChainProof needs a dedicated ERC compliance rule set.

Standards to Cover

ERC-20 (CP-ERC20)

  • Missing bool return on transfer/transferFrom — breaks integrators
  • Missing Transfer and Approval events — breaks indexers and integrators
  • Non-standard decimals — should return uint8, not uint256
  • Direct approve without increaseAllowance/decreaseAllowance pattern (race condition)

ERC-721 (CP-ERC721)

  • Missing safeTransferFrom reentrancy guard — onERC721Received callback creates reentrancy vector
  • Missing supportsInterface — required by ERC-165
  • Unrestricted _mint callable without access control

ERC-1155 (CP-ERC1155)

  • Missing TransferSingle/TransferBatch events
  • Missing onERC1155Received reentrancy consideration

Detection Strategy

  1. Detect which ERC standard a contract implements via function signature heuristic
  2. Apply the corresponding compliance rule set
  3. Scale finding severity to exploit impact

```typescript
export function detectERCStandard(ast: ASTNode): 'ERC20' | 'ERC721' | 'ERC1155' | null
export function checkERC20Compliance(ast: ASTNode, source: string): Finding[]
export function checkERC721Compliance(ast: ASTNode, source: string): Finding[]
export function checkERC1155Compliance(ast: ASTNode, source: string): Finding[]
```
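A worked example of steps 1 and 2 for the ERC-20 rules listed above, added here as illustration; it is not ChainProof's code. It assumes a small regex-based signature extractor over Solidity source text in place of the project's `ASTNode`, placeholder rule IDs `CP-ERC20-001`..`003` with severities picked for illustration, and three constructed sample contracts (a non-compliant token, a compliant interface, and an ERC-721 fragment that must not be mis-classified as ERC-20). The `approve` bool check goes slightly beyond the issue text, since EIP-20 requires a bool from `approve` as well.

```typescript
// Added example, not ChainProof's own code. Uses a hand-rolled signature extractor over
// Solidity source instead of the project's ASTNode; rule IDs CP-ERC20-001..003 and the
// severities are placeholders chosen for illustration.

type Standard = 'ERC20' | 'ERC721' | 'ERC1155';
type Severity = 'low' | 'medium' | 'high';
interface Finding { id: string; severity: Severity; message: string; }
interface FnSig { name: string; params: string[]; returns: string[]; }
interface ContractSummary { functions: FnSig[]; events: Set<string>; }

// Pull just the type names out of a parameter list such as "address to, uint256 amount".
function typeNames(list: string): string[] {
  return list.split(',').map(p => p.trim().split(/\s+/)[0]).filter(Boolean);
}

// Minimal signature extractor: function name, parameter types, return types, declared events.
// A real rule would walk the compiler AST; this is enough to drive the heuristics below.
function summarize(source: string): ContractSummary {
  const fnRe = /function\s+(\w+)\s*\(([^)]*)\)[^;{]*?(?:returns\s*\(([^)]*)\))?\s*[;{]/g;
  const evRe = /event\s+(\w+)\s*\(/g;
  const functions: FnSig[] = [];
  const events = new Set<string>();
  let m: RegExpExecArray | null;
  while ((m = fnRe.exec(source)) !== null) {
    functions.push({ name: m[1], params: typeNames(m[2]), returns: m[3] ? typeNames(m[3]) : [] });
  }
  while ((m = evRe.exec(source)) !== null) events.add(m[1]);
  return { functions, events };
}

// Step 1: decide which standard the contract is trying to be. The most specific signatures
// are tested first because ERC-721 and ERC-1155 also expose transferFrom/approve and would
// otherwise be classified as ERC-20.
function detectERCStandard(c: ContractSummary): Standard | null {
  const has = (name: string) => c.functions.some(f => f.name === name);
  if (has('safeBatchTransferFrom') && has('balanceOfBatch')) return 'ERC1155';
  if (has('ownerOf') && has('safeTransferFrom')) return 'ERC721';
  if (has('totalSupply') && has('transfer') && has('transferFrom') && has('approve')) return 'ERC20';
  return null;
}

// Step 2: the ERC-20 rule set: bool return values, the two mandatory events, decimals() type.
function checkERC20Compliance(c: ContractSummary): Finding[] {
  const findings: Finding[] = [];
  for (const name of ['transfer', 'transferFrom', 'approve']) { // EIP-20 requires bool from all three
    const f = c.functions.find(x => x.name === name);
    if (f && f.returns[0] !== 'bool') {
      findings.push({ id: 'CP-ERC20-001', severity: 'high',
        message: `${name}() does not return bool; callers that decode a return value will revert` });
    }
  }
  for (const ev of ['Transfer', 'Approval']) {
    if (!c.events.has(ev)) {
      findings.push({ id: 'CP-ERC20-002', severity: 'medium', message: `event ${ev} is not declared` });
    }
  }
  const dec = c.functions.find(x => x.name === 'decimals');
  if (dec && dec.returns[0] !== 'uint8') {
    findings.push({ id: 'CP-ERC20-003', severity: 'low',
      message: `decimals() returns ${dec.returns[0] ?? 'nothing'}, expected uint8` });
  }
  return findings;
}

// Steps 1 and 2 together: classify, then run the matching rule set (only ERC-20 is shown here).
function runComplianceRules(source: string): { standard: Standard | null; findings: Finding[] } {
  const summary = summarize(source);
  const standard = detectERCStandard(summary);
  const findings = standard === 'ERC20' ? checkERC20Compliance(summary) : [];
  return { standard, findings };
}

// Constructed sample: breaks all three ERC-20 rules (no bool on transfer/transferFrom,
// no Transfer/Approval events, decimals() returning uint256).
const BAD_TOKEN = `
contract BadToken {
    mapping(address => uint256) balances;
    function totalSupply() public view returns (uint256) { return 0; }
    function decimals() public pure returns (uint256) { return 18; }
    function transfer(address to, uint256 amount) public { balances[to] += amount; }
    function transferFrom(address from, address to, uint256 amount) public { balances[to] += amount; }
    function approve(address spender, uint256 amount) public returns (bool) { return true; }
}`;

// Constructed compliant interface for contrast.
const GOOD_TOKEN = `
interface IERC20 {
    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed owner, address indexed spender, uint256 value);
    function totalSupply() external view returns (uint256);
    function decimals() external view returns (uint8);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}`;

// Constructed ERC-721 fragment: shares transferFrom/approve with ERC-20, must classify as ERC721.
const NFT = `
interface IERC721 {
    function ownerOf(uint256 tokenId) external view returns (address);
    function safeTransferFrom(address from, address to, uint256 tokenId) external;
    function transferFrom(address from, address to, uint256 tokenId) external;
    function approve(address to, uint256 tokenId) external;
}`;

console.log(runComplianceRules(BAD_TOKEN));
```

Running it reports five findings for `BadToken` (two `CP-ERC20-001`, two `CP-ERC20-002`, one `CP-ERC20-003`), none for the compliant interface, and classifies the ERC-721 fragment correctly only because the more specific signatures are tested first. A signature heuristic like this is deliberately cheap and can be fooled by contracts that declare the right names but implement them wrongly, which is why the severity scaling in step 3 should be driven by the rule that fired rather than by the detection step.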

Acceptance Criteria

  • ERC standard auto-detection via function signature heuristics
  • ERC-20: missing return value, missing events, decimals type check
  • ERC-721: safeTransferFrom reentrancy, supportsInterface, unrestricted mint
  • ERC-1155: missing transfer events
  • Non-compliant example contracts in examples/contracts/erc/
  • Rule IDs prefixed CP-ERC20-*, CP-ERC721-*, CP-ERC1155-*
