HardhatFoundry
30,000 USDC
Submission Details
Severity: low
Invalid

`createdAccount` is not cast to payable

GitHub
https://github.com/Cyfrin/2024-07-biconomy/blob/9590f25cd63f7ad2c54feb618036984774f3879d/contracts/factory/BiconomyMetaFactory.sol#L70-L81

Summary

The `deployWithFactory` function returns an `address payable createdAccount`, but when it is read from location `0x20` via assembly `mload(add(returnData, 0x20))`, the address might not be payable. Therefore, it is necessary to properly cast it to payable if the address is meant to receive Ether.

Impact

If the returned address is not payable, it will not be able to receive Ether. Since the function expects it to be payable, this discrepancy could lead to issues.

Recommendation

Given the context that `createdAccount` is expected to be payable, explicitly cast it to `address payable` to ensure it can receive Ether. Here’s the revised code:

```solidity
function deployWithFactory(address factory, bytes calldata factoryData) external payable returns (address payable createdAccount) {
    require(factoryWhitelist[address(factory)], FactoryNotWhitelisted());
    (bool success, bytes memory returnData) = factory.call(factoryData);
    // Check if the call was successful
    require(success, CallToDeployWithFactoryFailed());
    // Decode the returned address and cast it to address payable
    createdAccount = payable(abi.decode(returnData, (address)));
}
```

Updates

Lead Judging Commences

0xnevi Lead Judge
12 months ago
0xnevi Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

0xtheblackpanther Submitter
11 months ago
0xnevi Lead Judge
11 months ago
0xnevi Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
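
Added example, not part of the submission or the Biconomy code base: in Solidity, `address` and `address payable` are the same 20-byte value at runtime and differ only in compile-time type checking, so the assembly read and the `abi.decode` form return the same address, and whether Ether is accepted depends on the target's code. The contract and function names below are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical target with no receive() or payable fallback:
// a plain Ether transfer to it fails regardless of the caller's types.
contract NoReceive {}

// Hypothetical demo contract (illustration only).
contract PayableCastDemo {
    // Reads the first 32-byte word of the return data, as described in the summary.
    // `returnData` points at the length word; the payload starts 0x20 bytes later.
    function viaMload(bytes memory returnData) public pure returns (address payable a) {
        assembly {
            a := mload(add(returnData, 0x20))
        }
    }

    // Decodes as in the recommendation. Unlike the raw mload, abi.decode
    // (ABI coder v2, the default in 0.8.x) reverts if the data is shorter
    // than 32 bytes or the upper 12 bytes of the word are non-zero.
    function viaDecode(bytes memory returnData) public pure returns (address payable a) {
        a = payable(abi.decode(returnData, (address)));
    }

    // For well-formed return data both reads give the same address:
    // "payable" is not encoded anywhere in the 32-byte word.
    function sameValue(address target) external pure returns (bool) {
        bytes memory returnData = abi.encode(target);
        return viaMload(returnData) == viaDecode(returnData);
    }

    // Forwards msg.value to `target`. Returns false for a NoReceive instance
    // and true for an EOA or a contract with receive(); the cast plays no part.
    function trySend(address target) external payable returns (bool ok) {
        (ok, ) = payable(target).call{value: msg.value}("");
    }
}
```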
