The deployment script for the contract utilizes an incorrect address for USDC (USD Coin) during deployment. This oversight can lead to the deployment of the contract with an invalid or outdated USDC address, potentially causing issues with the contract's functionality and interoperability with external systems.
The vulnerability stems from the incorrect specification of the USDC address in the deployment script. Using an incorrect address can result in the contract interacting with the wrong token contract, leading to unexpected behavior, errors, or failures during execution. Additionally, if the specified address corresponds to an outdated or deprecated USDC contract, it may lack compatibility with current standards or functionalities required by the contract.
The impact of this vulnerability can range from minor operational disruptions to significant financial risks, depending on the nature of the contract and its reliance on the USDC token. In the worst-case scenario, deploying the contract with an incorrect USDC address could render the contract non-functional or expose it to potential security vulnerabilities, jeopardizing user funds and trust in the system.
Manual Review
To address this vulnerability, it is crucial to verify and update the deployment script with the correct and up-to-date USDC address before proceeding with deployment.
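One way to enforce this check at deployment time, as an added example that is not the audited project's code: a Solidity library that a deployment script can call before deploying. The library, its function names and the pinned-address table are hypothetical; the placeholder must be replaced with the issuer-published USDC address for each target chain, and the expected symbol and decimals are assumptions to confirm for that chain.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example; every name here is hypothetical, not from the audited repo.
interface IERC20Metadata {
    function symbol() external view returns (string memory);
    function decimals() external view returns (uint8);
}

library UsdcAddressGuard {
    error ChainNotPinned(uint256 chainId);
    error AddressMismatch(address configured, address expected);
    error NoCodeAtAddress(address token);
    error UnexpectedMetadata(string symbol, uint8 decimals);

    // Pinned table: one entry per chain the project deploys to.
    // address(0) is a PLACEHOLDER that makes the guard fail closed until the
    // issuer-published USDC address for that chain is filled in and reviewed.
    function pinnedUsdc(uint256 chainId) internal pure returns (address) {
        if (chainId == 1) return address(0); // Ethereum mainnet: PLACEHOLDER
        return address(0);                   // any other chain: not pinned
    }

    // Reverts unless `configured` is the pinned USDC for the current chain
    // and the contract at that address looks like the expected token.
    function verify(address configured) internal view {
        address expected = pinnedUsdc(block.chainid);
        if (expected == address(0)) revert ChainNotPinned(block.chainid);
        if (configured != expected) revert AddressMismatch(configured, expected);

        // Low-level calls to an address without code succeed, so confirm
        // that a contract is actually deployed at the configured address.
        if (configured.code.length == 0) revert NoCodeAtAddress(configured);

        // Assumption: the target chain's USDC reports symbol "USDC" and
        // 6 decimals; confirm both against the issuer's documentation.
        IERC20Metadata token = IERC20Metadata(configured);
        string memory sym = token.symbol();
        uint8 dec = token.decimals();
        if (keccak256(bytes(sym)) != keccak256(bytes("USDC")) || dec != 6) {
            revert UnexpectedMetadata(sym, dec);
        }
    }
}
```

Calling `UsdcAddressGuard.verify(usdc)` in the deployment script before the contract is deployed makes a wrong or unpinned address abort the run instead of being written into the deployed contract.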