DeFiFoundry
20,000 USDC
Submission Details
Severity: low
Invalid

Hash collision due to the use of abi.encodePacked for dynamic datatypes (`block.timestamp` & `msg.sender`).

Relevant GitHub Links:

https://github.com/Cyfrin/2024-08-fjord/blob/0312fa9dca29fa7ed9fc432fdcd05545b736575d/script/forge/DeployAuction.s.sol#L18

Summary

The primary mitigation strategy against potential attacks in the context of create2 is to ensure that the salt used in contract deployment is unpredictable and unique. By using secure, random salt values, performing pre-deployment checks, and designing contracts with robust fallback mechanisms, you can significantly reduce the risk of address predictability and the associated security issues.

Vulnerability Details

A hash collision occurs when two distinct inputs, say input1 and input2, produce the same hash output: keccak256(input1) == keccak256(input2).
Suppose input1 and input2 are different combinations of (deploying_address, salt, init_code) but result in the same keccak256 output.
If a collision occurs, the two different sets of inputs would produce the same contract address when deploying with create2.

Impact

Tools Used

Manual Review

Recommendations

Use abi.encode instead of abi.encodePacked.

Reference:
https://medium.com/coinmonks/rareskills-solidity-interview-question-35-answered-what-is-the-difference-between-abi-encode-2d129a3de71a
https://forum.openzeppelin.com/t/abi-encode-vs-abi-encodepacked/2948
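
The difference between the two encodings, as an added example that is not part of the original submission or the project's code: a minimal Python re-implementation of the `abi.encodePacked` and `abi.encode` byte layouts for four types, compared on constructed sample values. Because identical bytes hash identically under any function, the comparison is made on the encoded bytes and `keccak256` is not needed; the helper names and sample values are assumptions made for illustration.

```python
DYNAMIC = {"string", "bytes"}  # variable-length types handled by this sketch

def _raw(sol_type, value):
    """Unpadded bytes of one value, as abi.encodePacked lays it out."""
    if sol_type == "string":
        return value.encode("utf-8")
    if sol_type == "bytes":
        return bytes(value)
    if sol_type == "uint256":
        return value.to_bytes(32, "big")      # always 32 bytes
    if sol_type == "address":
        raw = bytes.fromhex(value[2:])
        if len(raw) != 20:
            raise ValueError("address must be 20 bytes")
        return raw                            # always 20 bytes
    raise ValueError(f"unsupported type: {sol_type}")

def encode_packed(types, values):
    """abi.encodePacked: plain concatenation, no length prefix, no padding."""
    return b"".join(_raw(t, v) for t, v in zip(types, values))

def encode_standard(types, values):
    """abi.encode: 32-byte head slots, dynamic data in a length-prefixed tail."""
    head, tail = b"", b""
    head_size = 32 * len(types)
    for t, v in zip(types, values):
        raw = _raw(t, v)
        if t in DYNAMIC:
            head += (head_size + len(tail)).to_bytes(32, "big")  # offset to data
            tail += len(raw).to_bytes(32, "big") + raw + b"\x00" * (-len(raw) % 32)
        else:
            head += raw.rjust(32, b"\x00")
    return head + tail

def collides(encoder, types, a, b):
    """True when two different value lists encode to the same bytes."""
    return a != b and encoder(types, a) == encoder(types, b)

# Constructed sample inputs (not taken from the audited repository).
STRINGS, S1, S2 = ["string", "string"], ["ab", "c"], ["a", "bc"]
FIXED = ["uint256", "address"]
F1 = [1723000000, "0x" + "11" * 20]
F2 = [1723000001, "0x" + "11" * 20]

if __name__ == "__main__":
    print("packed, two strings :", collides(encode_packed, STRINGS, S1, S2))
    print("abi.encode, strings :", collides(encode_standard, STRINGS, S1, S2))
    print("packed, uint256+addr:", collides(encode_packed, FIXED, F1, F2),
          len(encode_packed(FIXED, F1)), "bytes")
```

The sketch covers only `string`, `bytes`, `uint256` and `address`; arrays and other types follow additional layout rules that it does not model.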

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
