Submission Details
Severity: medium

Unsafe casting from uint256 to uint160 in computeEscrowAddress

Summary

Unsafe casting from uint256 to uint160 in computeEscrowAddress

Vulnerability Details

In the contract EscrowFactory.sol, the function performs an unsafe downcast from uint256 to uint160, here:
https://github.com/Cyfrin/2023-07-escrow/blob/main/src/Escrow.sol#L119

    function computeEscrowAddress(
        bytes memory byteCode,
        address deployer,
        uint256 salt,
        uint256 price,
        IERC20 tokenContract,
        address buyer,
        address seller,
        address arbiter,
        uint256 arbiterFee
    ) public pure returns (address) {
        // The 256-bit keccak256 digest is narrowed to 160 bits, then converted to an address.
        address predictedAddress = address(
            uint160(
                uint256(
                    keccak256(
                        abi.encodePacked(
                            bytes1(0xff),
                            deployer,
                            salt,
                            keccak256(
                                abi.encodePacked(
                                    byteCode, abi.encode(price, tokenContract, buyer, seller, arbiter, arbiterFee)
                                )
                            )
                        )
                    )
                )
            )
        );
        return predictedAddress;
    }

The unsafe downcast from uint256 to uint160 occurs in this part of the code:

    uint160(
        uint256(
            keccak256(
                abi.encodePacked(
                    bytes1(0xff),
                    deployer,
                    salt,
                    keccak256(
                        abi.encodePacked(
                            byteCode, abi.encode(price, tokenContract, buyer, seller, arbiter, arbiterFee)
                        )
                    )
                )
            )
        )
    )

Impact

The unsafe downcast will produce unexpectedly truncated values.

Tools Used

Recommendations

We recommend that the project handle downcasting and use a safe casting library.

https://docs.openzeppelin.com/contracts/3.x/api/utils#SafeCast
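
The following is an added example, not code from the submission or from the Escrow codebase. It shows what each kind of cast does to the 256-bit digest built in computeEscrowAddress: the explicit uint160 conversion keeps the low 160 bits, while a range-checked conversion of the kind a safe-casting library provides reverts whenever any of the top 96 bits is set. Child, CastDemo and all function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Hypothetical empty contract, deployed only to obtain a real CREATE2 address.
contract Child {}

// Added example; CastDemo and its function names are assumptions, not project code.
contract CastDemo {
    // 256-bit digest of the CREATE2 preimage, before any narrowing.
    function digest(bytes memory initCode, address deployer, uint256 salt)
        public pure returns (uint256)
    {
        return uint256(
            keccak256(abi.encodePacked(bytes1(0xff), deployer, salt, keccak256(initCode)))
        );
    }

    // Explicit conversion, as in computeEscrowAddress: keeps the low 160 bits.
    function truncating(uint256 v) public pure returns (address) {
        return address(uint160(v));
    }

    // Range-checked conversion: reverts unless the top 96 bits of v are zero.
    function checked(uint256 v) public pure returns (address) {
        require(v <= type(uint160).max, "value does not fit in 160 bits");
        return address(uint160(v));
    }

    // Deploys Child with CREATE2 and returns the address the EVM assigned,
    // the address predicted by the truncating cast, and whether the digest
    // would have passed the range check.
    function compare(uint256 salt)
        external
        returns (address deployed, address predicted, bool fitsIn160Bits)
    {
        uint256 d = digest(type(Child).creationCode, address(this), salt);
        predicted = truncating(d);
        fitsIn160Bits = d <= type(uint160).max;
        deployed = address(new Child{salt: bytes32(salt)}());
    }
}
```

A CREATE2 address is defined as the low 160 bits of this digest, so compare returns the same value for deployed and predicted; checked(d) reverts whenever fitsIn160Bits is false.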
