First Flight #4: Boss Bridge
First Flight #4
Beginner FriendlyFoundryBridge
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

Missing execution success when using `create` during token deployment

wafflemakr

Summary

Missing execution success when using create during token deployment

Vulnerability Details

When using new L1Token(), it checks that the deployment was successful. The address returned from create can indeed be address(0), and in this case it means that the deployment failed (i.e. example L1Token may revert during the constructor). Although L1Token is a normal ERC20 token, the TokenFactory::deployToken uses a contractBytecode as a function param, to deploy the contract. If this bytecode is not correctly encoded, this can lead to a failed deployment.

Impact

Medium risk. Owner can assume TokenFactory::deployToken was comleted, but token creation did not succeed, creating weird behavior in this contract.

Tools Used

  • Manual Review

Recommendations

Add a check after token deployment to make sure addr is not address(0), and revert if it does. Alternatively, remove assembly entirely and deploy tokens using the new L1Token() syntax:

function deployToken(string memory symbol) public onlyOwner returns (address addr) {
addr = address(new L1Token());
s_tokenToAddress[symbol] = addr;
emit TokenDeployed(symbol, addr);
}
Updates

Lead Judging Commences

0xnevi Lead Judge
almost 2 years ago
0xnevi Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Known issue

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.