CodeHawks Escrow Contract - Competition Details

Cyfrin

Foundry

40,000 USDC

View results

Previous Next

Submission Details

Severity: low

Potential Address Calculation Issue

avci

Summary

Potential Address Calculation Issue

Vulnerability Details

In the newEscrow function of the EscrowFactory contract, there is a missing check for a zero value generated by the computeEscrowAddress function. This could lead to unexpected behavior, although the likelihood of occurrence is low.

Impact

Failed Contract Deployments: If the computed address is zero, the deployment of the new Escrow contract will fail, leading to a loss of gas and potential disruptions in the intended flow of the contract.

Tools Used

Manually

Recommendations

To mitigate this potential issue, it is recommended to add a check for zero when computing the predictedAddress in the computeEscrowAddress function. Additionally, verify that the computed address falls within the valid address range (2^160-1) before proceeding with contract deployment or any critical operations involving the computed address.

function computeEscrowAddress(...) public pure returns (address) {

// ... (existing code remains the same)

address predictedAddress = address(uint160(uint256(hash)));

require(predictedAddress != address(0), "Computed address is zero");

require(predictedAddress <= address(2**160 - 1), "Computed address exceeds valid range");

return predictedAddress;

}

Prize pool breakdown

Total prize

40,000 USDC

nSLOC

186

215 USDC / LOC

High Medium

37,000 USDC

Low

3,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.