First Flight #4: Boss Bridge

First Flight #4

Beginner FriendlyFoundryBridge

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Invalid

No validation of contractBytecode, Wasted Gas and Resources

0xtheblackpanther

Summary

Deployment of contracts with incorrect contractBytecode in the deployToken function can result in failed deployments, wasted resources, address calculation issues, operational disruption, security risks, and potential data loss. To mitigate these risks, bytecode validation and proper error handling should be implemented

Vulnerability Details

Lack of bytecode validation in deployToken can lead to insecure contract deployments with incorrect bytecode.

Impact

No validation of contractBytecode can lead to failed deployments, wasted resources, address calculation issues, operational disruption, security risks, and potential data loss

POC

copy and paste the below test in TokenFactoryTest
run forge test --match-path test/TokenFactoryTest.t.sol -vvvv
Even that the byteCode is incorrect, you will get Test result: ok. 2 passed; 0 failed; 0 skipped; finished in 1.32ms

function testIncorrectDeployment() public {

vm.prank(owner);

// Simulate an incorrect deployment by using the provided incorrectBytecode

bytes memory incorrectBytecode = hex"0080fd5b5060df8061001f60";

address tokenAddress = tokenFactory.deployToken("MyToken", incorrectBytecode);

// Assertion

assertEq(tokenAddress, tokenFactory.getTokenAddressFromSymbol("MyToken"));

}

Tools Used

Foundry and Manual review

Recommendations

Add bytecode validation function in deployToken function, so that it checks if the bytecode length is divisible by 32 and has an odd word count (word count in 32-byte chunks)

+require(isValidBytecode(contractBytecode), "Invalid bytecode format");

Function code:

function isValidBytecode(bytes memory bytecode) internal pure returns (bool) {

// Check if bytecode length is divisible by 32

if (bytecode.length % 32 != 0) {

return false;

}

// Check if the word count (32-byte chunks) is odd

uint256 wordCount = bytecode.length / 32;

if (wordCount % 2 == 0) {

return false;

}

// If both conditions are met, the bytecode is considered valid

return true;

}

Updates

Lead Judging Commences

0xnevi Lead Judge

almost 2 years ago

0xnevi Lead Judge almost 2 years ago

Submission Judgement Published

Invalidated

Reason: Known issue

Rewards breakdown

nSLOC

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.