EscrowFactory.newEscrow() might always revert due to different salt values producing different addresses
Summary
casting bytes32 salt to uint256 will change the value.
Vulnerability Details
taking a look at solidity docs, i noticed that salt is of byte32 type, see here --https://docs.soliditylang.org/en/latest/control-structures.html#salted-contract-creations-create2
but when EscrowFactory.newEscrow() calls computeEscrowAddress(), it changes the salt from byte32 type to uint256, which will change the value of the salt. see here -- https://ethereum.stackexchange.com/questions/90629/converting-bytes32-to-uint256-in-solidity
Now when this line is run: (take a look at the snippet below)
it uses the original byte32 salt, which will be a different value from uint256(salt) used when calling computeEscrowAddress()
Now this check will always ensure a revert whenever the computed address is different from escrow
Impact
EscrowFactory.newEscrow() might always revert due to different salt values producing different addresses.
Tools Used
Lofi Radio and Manual Review
Recommendations
Don't convert the salt to uint256, use the same value.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.