Biconomy: Nexus
Fallback handlers with clashing function signatures cannot be used
Lead Judging Commences
finding-fallback-handler-selector-clash
This is a very clever exploit, however, would be dependent on - The user installing the malicious fallback handler. - Additionally, it is highly contraint because it would require the input parameters (`to` and `amount`) of `withdrawDepositTo()` that is also considered when determining the function signature to coincide with the same input parameters of the malicious functionality of the fallback handler Issues #185 and #190 are pointing to similar function clashing root causes so duplicating, but does lack a similar detailed explanation of exploit path.
Appeal created
finding-fallback-handler-selector-clash
This is a very clever exploit, however, would be dependent on - The user installing the malicious fallback handler. - Additionally, it is highly contraint because it would require the input parameters (`to` and `amount`) of `withdrawDepositTo()` that is also considered when determining the function signature to coincide with the same input parameters of the malicious functionality of the fallback handler Issues #185 and #190 are pointing to similar function clashing root causes so duplicating, but does lack a similar detailed explanation of exploit path.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Community Judging
Submissions are being reviewed by the community.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.