Use `encodeCall` instead of `encodeWithSelector`
Summary
deployERC721Bridgeable() and deployERC1155Bridgeable() functions uses abi.encodeWithSelector to encode the dataInit function call. This method however, doesn't provide type checking of function arguments.
Vulnerability Details
As seen, the dataInit is encoded without any type checking.
abi.encodeCall will check the arguments type and gives error if not same.
Impact
Missing type check can lead to unexpected behavior.
Tools Used
Manual Review
Recommendations
Consider using encodeCall to generate dataInit.
Lead Judging Commences
Informational / Gas
Please, do not suppose impacts, think about the real impact of the bug and check the CodeHawks documentation to confirm: https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity A PoC always helps to understand the real impact possible.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.