Sparkn

CodeFox Inc.
DeFiFoundryProxy
15,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

salt and implementation can be mimicked and prevent actual contract creation

serverconnected

Summary

The ProxyFactory contract deploys proxy contracts and distributes rewards. However, there are vulnerabilities in the contract deployment process that could lead to undesirable consequences. Specifically, the use of predictable salt values.

Vulnerability Details

The _calculateSalt function is used to compute the salt for contract deployment. The salt is based on the contestId and the implementation address. If an attacker can predict the values of contestId and implementation used to compute the salt, they might be able to deploy a proxy contract with the same salt value and higher gas fee, effectively front-running the actual contract deployment and reverting it.

Impact

It could lead to effectively front-running the actual contract deployment and reverting it.

function deployProxyAndDistribute(bytes32 contestId, address implementation, bytes calldata data)
public
returns (address)
{
bytes32 salt = _calculateSalt(msg.sender, contestId, implementation);
if (saltToCloseTime[salt] == 0) revert ProxyFactory__ContestIsNotRegistered();
// can set close time to current time and end it immediately if organizer wish
if (saltToCloseTime[salt] > block.timestamp) revert ProxyFactory__ContestIsNotClosed();
address proxy = _deployProxy(msg.sender, contestId, implementation);
_distribute(proxy, data);
return proxy;
}

Tools Used

Manual review

Recommendations

Add an additional source of entropy to the salt computation process, such as a random nonce generated by the contract, to make the salt unpredictable. This would mitigate the risk of attackers predicting salt values and deploying malicious contracts.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.