The VaultControllerStrategy contract contains two functions with identical signatures, leading to a function selector collision. This can cause unpredictable behavior and potential security vulnerabilities.
Details
In VaultControllerStrategy.sol, there are two functions with the same signature:
Line 111:
Lines 452-460:
Both functions have the same name (withdraw) and identical parameter types (uint256 and bytes calldata). In Solidity, function selectors are determined by the function name and parameter types, not by the function body or modifiers. This means these two functions will have the same selector, creating a collision.
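As an added example (not code from the report or from the project), this Python check reduces function declarations to their canonical signatures and groups them by 4-byte selector, showing that the modifier plays no part. The declarations are constructed from the description above, with parameter names and visibility assumed; Keccak-256 is implemented inline, and only elementary parameter types are handled.

```python
import re

def rol(v, n):
    return ((v << n % 64) | (v >> (64 - n % 64))) & (2**64 - 1)

def keccak_f(s):  # Keccak-f[1600] permutation on 25 lanes, flat index x + 5*y
    r = 1
    for _ in range(24):
        c = [s[x] ^ s[x + 5] ^ s[x + 10] ^ s[x + 15] ^ s[x + 20] for x in range(5)]
        d = [c[(x + 4) % 5] ^ rol(c[(x + 1) % 5], 1) for x in range(5)]
        s = [s[i] ^ d[i % 5] for i in range(25)]  # theta
        x, y, cur = 1, 0, s[1]
        for t in range(24):  # rho and pi
            x, y = y, (2 * x + 3 * y) % 5
            cur, s[x + 5 * y] = s[x + 5 * y], rol(cur, (t + 1) * (t + 2) // 2)
        s = [s[i] ^ (~s[i - i % 5 + (i + 1) % 5] & s[i - i % 5 + (i + 2) % 5]) for i in range(25)]  # chi
        for j in range(7):  # iota: round constant generated by an LFSR
            r = ((r << 1) ^ ((r >> 7) * 0x71)) % 256
            s[0] ^= ((r >> 1) & 1) << ((1 << j) - 1)
    return s

def keccak256(data: bytes) -> bytes:
    pad = bytearray(136 - len(data) % 136)  # Keccak padding 0x01..0x80 (SHA3-256 uses 0x06)
    pad[0] ^= 0x01
    pad[-1] ^= 0x80
    msg, s = data + bytes(pad), [0] * 25
    for off in range(0, len(msg), 136):
        for i in range(17):
            s[i] ^= int.from_bytes(msg[off + 8 * i: off + 8 * i + 8], "little")
        s = keccak_f(s)
    return b"".join(v.to_bytes(8, "little") for v in s[:4])

def canonical_signature(decl: str) -> str:  # assumption: elementary types only
    # Only the name and parameter types survive; names, data locations and modifiers are dropped.
    name, params = re.match(r"\s*function\s+(\w+)\s*\(([^)]*)\)", decl).groups()
    types = [p.split()[0] for p in params.split(",") if p.strip()]
    return f"{name}({','.join({'uint': 'uint256', 'int': 'int256'}.get(t, t) for t in types)})"

def selector(decl: str) -> str:
    return keccak256(canonical_signature(decl).encode())[:4].hex()

def find_collisions(decls):
    groups = {}
    for d in decls:
        groups.setdefault(selector(d), []).append(d)
    return {sel: ds for sel, ds in groups.items() if len(ds) > 1}

# Constructed declarations modelled on the finding; the last is an overload with different types.
W = "function withdraw(uint256 _amount, bytes calldata _data) external"
DECLS = [W + " onlyStakingPool", W, "function withdraw(uint256 _amount) external"]
```

`find_collisions(DECLS)` returns one group holding the first two declarations, while the single-parameter overload gets its own selector.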
This function selector collision can lead to several serious issues:
Unpredictable Execution: When a call is made to withdraw, it's unclear which implementation will be executed. This can lead to inconsistent behavior and potential security vulnerabilities.
Modifier Bypass: The first function has the onlyStakingPool modifier, while the second doesn't. This could potentially allow unauthorized access to withdraw functionality if the wrong function is called.
Code Unreachability: One of these functions will likely be unreachable, as the EVM will always execute the first matching function it encounters.
Code Snippet
To resolve this issue:
Rename one of the functions to have a distinct name, e.g., withdrawWithAuth and withdrawWithoutAuth.
Consider using function overloading with different parameter types if distinct functionality is required for different withdrawal scenarios.