Submission Details
Severity:
Insufficient check in CREATE2
Summary
CREATE2 is used to deploy proxy contracts . As per Ethereum Yellow Paper, Create2 does not revert , but returns address(0) in the following cases:-
A contract already exists at the destination address.
Insufficient value to transfer.
Sub context reverted.
Insufficient gas to execute the initialisation code.
Call depth limit reached.
Vulnerability Details
proxy deployment failure assumed successful which can lead to loss of sponsored funds
Impact
Unintended Behaviour
Tools Used
Recommendations
Add a check to ensure deployed proxy address != address(0)
Prize pool breakdown
Total prize
15,000 USDC
nSLOC
19477 USDC / LOC
14,000 USDC
1,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.