Smart Contract Smart Contract
Audit Pricing Blog Resources
Get Started

ERC1155 Smart Contract Security

ERC1155 is the multi-token standard — a single contract manages both fungible and non-fungible tokens. Used heavily in gaming and DeFi, it provides batch transfer capabilities that improve gas efficiency but introduce reentrancy risks not present in ERC20 or ERC721.

Vulnerability 1: Batch transfer reentrancy

ERC1155's safeTransferFrom and safeBatchTransferFrom call onERC1155Received (or onERC1155BatchReceived) on recipient contracts. This is an external call that executes during the transfer — before your contract's state is updated.

The batch version is particularly dangerous: a malicious recipient contract can use onERC1155BatchReceived to re-enter your protocol multiple times per batch, potentially claiming the same rewards or positions repeatedly.

// VULNERABLE
function claimRewards(uint256[] calldata ids, uint256[] calldata amounts) public {
    nft.safeBatchTransferFrom(address(this), msg.sender, ids, amounts, "");
    userRewardDebt[msg.sender] = 0; // already re-entered — too late
}

Always apply checks-effects-interactions: update userRewardDebt before the batch transfer. Add ReentrancyGuard. See reentrancy.

Vulnerability 2: Token ID collision

ERC1155 uses arbitrary uint256 IDs to distinguish token types. If IDs are derived from on-chain data (e.g., uint256(keccak256(...))), collisions are theoretically possible. More commonly, ID allocation logic has gaps that allow attackers to mint "reserved" IDs by guessing allocation patterns.

Vulnerability 3: Approval scope risk

ERC1155's setApprovalForAll grants an operator access to all token IDs in the contract — there is no per-ID approval. This is a much broader grant than ERC20's per-token allowance. Wallets and users may not realize they are approving access to the entire collection.

Vulnerability 4: Missing URI validation

The ERC1155 metadata standard allows per-token URIs via the uri(id) function. If the URI is concatenated using unchecked user input, path traversal or injection into IPFS CIDs can result in metadata hijacking.

Secure ERC1155 checklist

  • Wrap all safeTransferFrom and safeBatchTransferFrom calls with ReentrancyGuard
  • Always update internal accounting before transferring tokens
  • Audit ID allocation logic — ensure no ID ranges can be minted outside their intended lifecycle
  • Document the scope of setApprovalForAll clearly in the UI
Security Resources
Vulnerability Glossary · Security Blog · Token Risk Profiles
Chain Guides
Ethereum · Polygon · Arbitrum · Base · BNB Chain
ERC Standard Security
ERC20 · ERC721 · ERC1155 · ERC777 · ERC4626 · ERC2612 · ERC4337
© 2026 Smart Contract Audit — Privacy · Terms · Refund Policy