Severity: low

Unsafe downcast

Summary

When a value is downcast to a smaller type, the higher-order bits are truncated, which is equivalent to reducing the original value modulo 2^n for an n-bit target type. Without any other checks, this wrapping leads to unexpected behavior and bugs.

Vulnerability Details

There is 1 instance of this issue.

File: src/EscrowFactory.sol
68:             uint160(
69:                 uint256(
70:                     keccak256(
71:                         abi.encodePacked(
72:                             bytes1(0xff),
73:                             deployer,
74:                             salt,
75:                             keccak256(
76:                                 abi.encodePacked(
77:                                     byteCode, abi.encode(price, tokenContract, buyer, seller, arbiter, arbiterFee)
78:                                 )
79:                             )
80:                         )
81:                     )
82:                 )
83:             )

File Link            Instance Count   Instance Link
EscrowFactory.sol    1                68

Impact

A hash collision would result in an incorrectly computed escrow address.

Tools Used

baudit: a custom static code analysis tool; manual review

Recommendations

Use OpenZeppelin's SafeCast so that the transaction reverts when a downcast would overflow. Using this library instead of unchecked casts eliminates an entire class of bugs, so it is recommended to always use it.
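The following added example (not code from the Escrow project) puts the two cases side by side. The CREATE2 derivation keeps the explicit uint160 cast, because EIP-1014 defines the deployed address as the low 160 bits of the hash, so the truncation is the specification rather than an accident and SafeCast would revert for almost every digest; the hypothetical fee functions show where SafeCast does belong. The function and parameter names are assumptions, and the init-code hash is taken as a parameter instead of being rebuilt from the factory's constructor arguments.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// OpenZeppelin's SafeCast (v4.x and v5.x both expose this path and these functions).
import {SafeCast} from "@openzeppelin/contracts/utils/math/SafeCast.sol";

contract DowncastExample {
    /// CREATE2 address derivation per EIP-1014:
    ///   address = low 160 bits of keccak256(0xff ++ deployer ++ salt ++ keccak256(initCode))
    /// The uint160 truncation is the defined behavior, so it is kept explicit and
    /// commented rather than routed through SafeCast (which would revert whenever
    /// the upper 96 bits of the digest are non-zero, i.e. almost always).
    function computeCreate2Address(address deployer, bytes32 salt, bytes32 initCodeHash)
        public
        pure
        returns (address)
    {
        bytes32 digest = keccak256(abi.encodePacked(bytes1(0xff), deployer, salt, initCodeHash));
        // Deliberate truncation to 160 bits: this IS the CREATE2 address.
        return address(uint160(uint256(digest)));
    }

    /// Hypothetical value downcast with the defect the finding describes:
    /// any fee >= 2**128 silently wraps modulo 2**128, e.g. 2**128 + 5 becomes 5.
    function unsafeFee(uint256 fee) public pure returns (uint128) {
        return uint128(fee);
    }

    /// Same conversion via SafeCast: reverts instead of wrapping when fee does not
    /// fit in 128 bits, so the caller can never observe a silently reduced value.
    function safeFee(uint256 fee) public pure returns (uint128) {
        return SafeCast.toUint128(fee);
    }
}
```

Calling unsafeFee(2**128 + 5) returns 5, while safeFee(2**128 + 5) reverts; computeCreate2Address is unchanged in behavior from the factory's expression and only documents why its cast is intentional.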
