Submission Details
Severity:
Unique salt should be used
Summary
Unique salt should be used
Vulnerability Detail
The FjordAuctionFactory contract deploys new factory contracts using create2.
/**
* @notice Creates a new auction contract using create2.
* @param biddingTime The duration of the auction in seconds.
* @param totalTokens The total number of tokens to be auctioned.
* @param salt A unique salt for create2 to generate a deterministic address.
*/
function createAuction(
address auctionToken,
uint256 biddingTime,
uint256 totalTokens,
bytes32 salt
) external onlyOwner {
address auctionAddress = address(
new FjordAuction{ salt: salt }(fjordPoints, auctionToken, biddingTime, totalTokens)
);
// Transfer the auction tokens from the msg.sender to the new auction contract
IERC20(auctionToken).transferFrom(msg.sender, auctionAddress, totalTokens);
emit AuctionCreated(auctionAddress);
}
}
However, the salt used does not include msg.sender which means that the salt is not unique.
Code Snippet
Tool used
Manual Review,
Remix IDE
Recommendation
Consider including msg.sender in the salt used for createAuction() to ensure each user's deployed auction is unique to them.
Prize pool breakdown
Total prize
20,000 USDC
nSLOC
66230 USDC / LOC
16,000 USDC
2,500 USDC
1,500 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.