First Flight #4: Boss Bridge

First Flight #4

Beginner FriendlyFoundryBridge

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

Potential overwriting of token address, in deployToken function

azmaeengh

Summary

The deployToken function allows the owner to deploy a new token with a given symbol. If a token with the same symbol already exists, the new token's address will overwrite the existing one in the s_tokenToAddress mapping. This could lead to confusion or potential issues if other parts of the contract (or other contracts) rely on the mapping to always return the correct address for a given symbol.

Vulnerability Details

Impact

The potential for overwriting existing tokens in the contract could have significant implications for the codebase and the protocol that uses this contract.

Loss of Tracking: If a token with the same symbol is overwritten, the contract loses the ability to track the original token. This could lead to confusion and mismanagement of tokens, especially if the contract interacts with other contracts or systems that expect the original token to still be available.
Potential for Fraud: If a malicious actor or a bug in another contract overwrites a token, it could lead to potential fraud. For example, if a token used for governance or staking is overwritten, the attacker could manipulate the contract to their advantage.
Issues with Tokenomics: Overwriting tokens could disrupt the tokenomics of the protocol. Tokenomics refers to the economic aspects of a blockchain token, including supply, demand, use cases, incentives, and distribution. If a token is overwritten, it could disrupt these aspects and affect the value and function of the tokens in the protocol.
Compliance and Regulatory Issues: Depending on the jurisdiction and the nature of the tokens, overwriting tokens could lead to compliance and regulatory issues. For example, if the tokens represent shares in a company, overwriting a token could be considered illegal or fraudulent.

Tools Used

Recommendations

Here's how you can add a check to prevent overwriting of existing tokens:

function deployToken(string memory symbol, bytes memory contractBytecode) public onlyOwner returns (address addr) {

+ require(s_tokenToAddress[symbol] == address(0), "Token with this symbol already exists");

assembly {

addr := create(0, add(contractBytecode, 0x20), mload(contractBytecode))

}

s_tokenToAddress[symbol] = addr;

emit TokenDeployed(symbol, addr);

}

In this improved version of the function, the require function is used to check if a token with the same symbol already exists in the s_tokenToAddress mapping. If it does, the transaction is reverted and an error message is returned. This helps to prevent overwriting of existing tokens and ensures that the mapping always returns the correct address for a given symbol.

Updates

Lead Judging Commences

0xnevi Lead Judge almost 2 years ago

Submission Judgement Published

Validated

Assigned finding tags:

deployToken: non-unique symbol for tokens

Rewards breakdown

nSLOC

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.