Submission Details
Severity: high

Unsafe casting of `salt` may cause failure in creating escrow.

Summary

Unsafe casting of `salt` may cause failure in creating escrow. `salt` is a very crucial part of the CREATE2 functionality. Casting it to `uint256` will change its value, resulting in a different address being generated, which will cause failure in new escrow creation.

Vulnerability Details

The code looks like this:

```solidity
function newEscrow(
    uint256 price,
    IERC20 tokenContract,
    address seller,
    address arbiter,
    uint256 arbiterFee,
    bytes32 salt // <------------------- input as bytes32
) external returns (IEscrow) {
    address computedAddress = computeEscrowAddress(
        type(Escrow).creationCode,
        address(this),
        uint256(salt), // <----------------------- cast to uint256 to compute new escrow address
        price,
        tokenContract,
        msg.sender,
        seller,
        arbiter,
        arbiterFee
    );
    tokenContract.safeTransferFrom(msg.sender, computedAddress, price);
    Escrow escrow = new Escrow{salt: salt}( // <-------------------- but here bytes32 salt is used to generate Escrow (no casting)
        price,
        tokenContract,
        msg.sender,
        seller,
        arbiter,
        arbiterFee
    );
    if (address(escrow) != computedAddress) {
        revert EscrowFactory__AddressesDiffer();
    }
    emit EscrowCreated(address(escrow), msg.sender, seller, arbiter);
    return escrow;
}
```

This may generate a different address each time and eventually revert the transaction because of the address mismatch.

Impact

May cause failure in generating a new escrow.

Tools Used

Manual review

Recommendations

Remove the unsafe casting.
