Passing lambda into Balance_of entry point can be exploited to spoof a receiver

[emishur]

From Tom Jack:
"now, here's my impersonation example: I call the erc1155 Balance_of_batch method. I pass a lambda which generates a On_erc1155_batch_received transfer to the victim erc1155_token_receiver the erc1155 thinks this is an innocent "view" operation, but it is not"

"the correct way is for the caller of Balance_of_batch to pass a (balance_request * nat list)contract instead of the lambda, and for the erc1155 to (carefully) construct the TRANSFER_TOKENS (or perhaps address instead of contract, unclear).

this is still somewhat tricky, you need to ensure that the type (balance_request * nat list) cannot be used for "impersonation"

e.g. is incompatible with the types for On_erc1155_batch_received"

┆Created By: tqbot