In the deployToken function within TokenFactory.sol, there is a potential vulnerability related to the validation of token creation results. The current implementation does not adequately validate the result of the token creation process, which may lead to unexpected behavior if the deployment fails.
The deployToken function uses the EVM opcode CREATE to deploy the token. When deployment fails, CREATE leaves zero on the stack as its result, so addr is the zero address. The function does not check for this value, so the subsequent assignment to s_tokenToAddress still succeeds. This oversight may result in failed operations or raise security concerns.
If the token creation process fails, the s_tokenToAddress mapping will associate a symbol with a zero address. Consequently, any attempts to perform ERC-20 operations on the affected token will result in failure.
Manual Review
It is recommended to enhance the security of the deployToken function by implementing thorough validation of the result stored in addr. Specifically, if the return value is zero, consider reverting the transaction or raising an appropriate error to prevent further unintended consequences. This validation step will help ensure the integrity of the token creation process and mitigate potential security risks.
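The recommended check, shown as an added sketch beside the unchecked pattern the finding describes (this is not the audited TokenFactory.sol source). Only deployToken, addr and s_tokenToAddress come from the finding; the contract name, function signature, error, event and the omission of access control are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative sketch only. Names other than deployToken, addr and
// s_tokenToAddress are hypothetical. Access control is omitted for brevity.
contract TokenFactorySketch {
    error DeploymentFailed(string symbol);            // hypothetical error
    event TokenDeployed(string symbol, address addr); // hypothetical event

    mapping(string => address) public s_tokenToAddress;

    // Pattern described in the finding: the CREATE result is stored unchecked.
    function deployTokenUnchecked(string memory symbol, bytes memory contractBytecode)
        external
        returns (address addr)
    {
        assembly {
            // CREATE yields 0 when deployment fails (for example, the
            // constructor reverts or the init code runs out of gas).
            addr := create(0, add(contractBytecode, 0x20), mload(contractBytecode))
        }
        // On failure this records symbol => address(0) and still emits the event.
        s_tokenToAddress[symbol] = addr;
        emit TokenDeployed(symbol, addr);
    }

    // Hardened form: revert before touching storage when CREATE reports failure.
    function deployToken(string memory symbol, bytes memory contractBytecode)
        external
        returns (address addr)
    {
        assembly {
            addr := create(0, add(contractBytecode, 0x20), mload(contractBytecode))
        }
        if (addr == address(0)) {
            revert DeploymentFailed(symbol);
        }
        s_tokenToAddress[symbol] = addr;
        emit TokenDeployed(symbol, addr);
    }
}
```

Because the revert happens before the mapping write and the event, a failed deployment leaves no state behind for off-chain consumers to misread as a live token.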