HardhatFoundry
30,000 USDC
Submission Details
Severity: medium
Invalid

Unused Parameters in Address Computation

Summary

The computeAccountAddress function accepts several parameters, such as address, uint256, address[] calldata, and uint8. However, these parameters are not explicitly referenced within the function body. Instead, the entire calldata is used to compute the salt, which can lead to confusion as it is not clear how each individual parameter influences the salt and subsequently the address computation. This might also lead to potential errors if parameters are expected to affect the address computation but are ignored.

    function computeAccountAddress(address, uint256, address[] calldata, uint8) external view returns (address payable expectedAddress) {
        // Compute the actual salt for deterministic deployment
        bytes32 actualSalt;
        assembly {
            let ptr := mload(0x40)
            let calldataLength := sub(calldatasize(), 0x04)
            mstore(0x40, add(ptr, calldataLength))
            calldatacopy(ptr, 0x04, calldataLength)
            actualSalt := keccak256(ptr, calldataLength)
        }
        // Predict the deterministic address using the LibClone library
        expectedAddress = payable(LibClone.predictDeterministicAddressERC1967(ACCOUNT_IMPLEMENTATION, actualSalt, address(this)));
    }

Impact

  • Confusion for Developers: Developers might assume that individual parameters are used directly in the computation, leading to misunderstandings and incorrect implementations.

  • Potential Errors: If the function's logic changes or if developers expect the parameters to influence the computation, this discrepancy can result in incorrect address computations, which could affect contract deployments and other dependent logic.

Tools Used

Manual Review

Recommendations

Refactor the function to explicitly use and document each parameter in the computation process.

Updates

Lead Judging Commences

0xnevi Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
