Incorrect parameter encoding in Deployer library may lead to initialization failures in `Deployer.sol`
Summary
Vulnerability Detail
The Deployer library contains functions deployERC721Bridgeable() and deployERC1155Bridgeable() that incorrectly encode initialization parameters for the deployed contracts. These functions use abi.encodeWithSelector() with abi.encode() nested inside, which results in the parameters being encoded into a single bytes array. However, the initialize() functions of the deployed contracts expect separate parameters, not a single encoded bytes array.
For example, in deployERC721Bridgeable():
Impact
This incorrect encoding can prevent proper initialization of the deployed contracts, potentially leading to unexpected behavior or vulnerabilities.
Tools Used
Manual Review
Recommendation
To fix this issue, the parameters should be passed directly to abi.encodeWithSelector():
Similar changes should be applied to the deployERC1155Bridgeable() function. This correction ensures that the initialization parameters are properly encoded and passed to the deployed contracts, allowing for correct initialization.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.