Submission Details
Severity: medium

Potential for Contract Address Collision

Summary

Potential for Contract Address Collision

Vulnerability Details

The newEscrow function in the escrowFactory file computes the address of the new Escrow contract using the computeEscrowAddress function. Because the salt is a user input, an address collision is possible if the same salt value is used for two different Escrow contracts with different input parameters.

Impact

A contract address collision can lead to unexpected behaviour, incorrect interactions between different Escrow contracts, and potential fund losses.

Tools Used

Remix, Manual Code Review

Recommendations

To prevent contract address collisions, ensure that the salt value is unique for each new Escrow contract. One approach is to add a nonce along with the salt to make it unique.
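
One way to apply this recommendation, as an added example that is not the project's code: the factory hashes the caller, the caller-supplied salt and a per-caller nonce into the salt passed to CREATE2. DemoEscrow, DemoEscrowFactory, nonces, _finalSalt and the constructor parameters are hypothetical; newEscrow and computeEscrowAddress reuse the names from the finding, but their signatures here are assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Hypothetical stand-in for the Escrow contract; the real constructor is not shown in the finding.
contract DemoEscrow {
    uint256 public immutable price;
    address public immutable buyer;

    constructor(uint256 _price, address _buyer) {
        price = _price;
        buyer = _buyer;
    }
}

// Hypothetical factory: the CREATE2 salt is never the raw user input.
contract DemoEscrowFactory {
    // Per-caller counter mixed into the salt, so repeating a userSalt yields a new address.
    mapping(address => uint256) public nonces;

    event EscrowCreated(address indexed escrow, address indexed buyer, bytes32 finalSalt);

    function newEscrow(uint256 price, bytes32 userSalt) external returns (address escrow) {
        bytes32 finalSalt = _finalSalt(msg.sender, userSalt, nonces[msg.sender]++);
        escrow = address(new DemoEscrow{salt: finalSalt}(price, msg.sender));
        // The deployed address must match the EIP-1014 prediction below.
        assert(escrow == computeEscrowAddress(finalSalt, price, msg.sender));
        emit EscrowCreated(escrow, msg.sender, finalSalt);
    }

    // EIP-1014: address = last 20 bytes of keccak256(0xff ++ deployer ++ salt ++ keccak256(initCode)).
    // initCode is the creation bytecode followed by the ABI-encoded constructor arguments.
    function computeEscrowAddress(bytes32 finalSalt, uint256 price, address buyer) public view returns (address) {
        bytes32 initCodeHash = keccak256(
            abi.encodePacked(type(DemoEscrow).creationCode, abi.encode(price, buyer))
        );
        return address(
            uint160(uint256(keccak256(abi.encodePacked(bytes1(0xff), address(this), finalSalt, initCodeHash))))
        );
    }

    // Binds the salt to the caller and to a value that changes on every deployment.
    function _finalSalt(address caller, bytes32 userSalt, uint256 nonce) private pure returns (bytes32) {
        return keccak256(abi.encode(caller, userSalt, nonce));
    }
}
```

Off-chain callers can read the finalSalt from the EscrowCreated event, or recompute it from nonces(caller) before sending the transaction, to predict the address.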
