Beginner FriendlyFoundryBridge
100 EXP
View results
Submission Details
Severity: low
Invalid

TokenFactory::deployToken deploys any bytecode

Summary

Any bytecode is accepted and deployed by TokenFactory::deployToken(...).

Vulnerability Details

The deployToken(...) function takes arbitrary bytecode and deploys it. We assume the TokenFactory factory to only deploy ERC20 L1Token-like contracts. This is not guaranteed by this function.

Impact

Confusing to users and tricky for parties implementing/relying on the TokenFactory contract.

Tools Used

Manual review

Recommendations

Remove the contractBytecode parameter and deploy the token in a regular way.

Updates

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.