A high-severity vulnerability has been identified in the AuctionFactory contract's createAuction function. The function fails to verify that the address created using the create2 opcode is not the zero address. This oversight could potentially lead to the loss of tokens if a zero address is inadvertently generated.
The vulnerability is located in the createAuction function of the AuctionFactory contract:
The function uses the create2 opcode to deploy a new FjordAuction contract. However, it does not check if the resulting auctionAddress is the zero address.
Immediately after creating the contract, the function attempts to transfer tokens to the newly created address:
If auctionAddress were to be the zero address, this transfer would result in the permanent loss of the tokens.
The impact of this vulnerability is potentially severe:
If a zero address is generated, it would result in the immediate and irreversible loss of totalTokens amount of auctionToken.
The created auction would be non-functional, as it would not have a valid address to interact with.
While the probability of this occurring is extremely low due to the nature of create2, the potential impact is high enough to warrant addressing this vulnerability.
Manual
To mitigate this vulnerability, we recommend implementing a check immediately after creating the auction contract:
This check ensures that, if a zero address is generated, the function reverts before any token transfer occurs.
Reference: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/Create2.sol
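The recommended check in context, written here as an added illustration rather than the project's own code. The FjordAuction constructor signature, the salt parameter, and the use of safeTransferFrom from the caller are assumptions; the factory's actual token-transfer step may differ.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Minimal stand-in for the real FjordAuction (constructor signature is assumed).
contract FjordAuction {
    address public immutable auctionToken;
    uint256 public immutable totalTokens;

    constructor(address _auctionToken, uint256 _totalTokens) {
        auctionToken = _auctionToken;
        totalTokens = _totalTokens;
    }
}

contract AuctionFactoryHardened {
    using SafeERC20 for IERC20;

    error AuctionDeploymentFailed();

    event AuctionCreated(address indexed auction, address indexed token, uint256 totalTokens);

    function createAuction(address auctionToken, uint256 totalTokens, bytes32 salt)
        external
        returns (address auctionAddress)
    {
        bytes memory bytecode = abi.encodePacked(
            type(FjordAuction).creationCode,
            abi.encode(auctionToken, totalTokens)
        );

        assembly {
            auctionAddress := create2(0, add(bytecode, 32), mload(bytecode), salt)
        }

        // The create2 opcode returns address(0) when deployment fails (for example,
        // a reused salt or a reverting constructor). Revert here, before any tokens
        // move, instead of transferring them to the zero address.
        if (auctionAddress == address(0)) revert AuctionDeploymentFailed();

        // Token transfer only happens once a live auction address exists (assumed source: caller).
        IERC20(auctionToken).safeTransferFrom(msg.sender, auctionAddress, totalTokens);
        emit AuctionCreated(auctionAddress, auctionToken, totalTokens);
    }
}
```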