Some token pair pools can never be created #37
Labels
3 (High Risk)
Assets can be stolen/lost/compromised directly
bug
Something isn't working
edited-by-warden
unsatisfactory
does not satisfy C4 submission criteria; not eligible for awards
Comments
code423n4
added
3 (High Risk)
|
Considering the salt this would be a hash collision so we should be safe. |
|
Picodes marked the issue as unsatisfactory: |
c4-judge
added
the
unsatisfactory
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines of code
https://github.com/code-423n4/2023-01-timeswap/blob/ef4c84fb8535aad8abd6b67cc45d994337ec4514/packages/v2-option/src/TimeswapV2OptionDeployer.sol#L32-L35
https://github.com/code-423n4/2023-01-timeswap/blob/ef4c84fb8535aad8abd6b67cc45d994337ec4514/packages/v2-pool/src/TimeswapV2PoolDeployer.sol#L25-L29
Vulnerability details
Impact
when try to deploy pool or option contract if created address has been deployed before, there is no chance to create this pair.
Proof of Concept
Due to creation of pool and option contracts are deterministic and there is no chance to create with different address in optionFactory and deploymentFactory contracts,it may behave unexpected in future because of the generated address has probably been created in ethereum chain before by someone.This situation cause EVM error revert. At that position there is no mechanism to deploy with different address so desired pair pool or option contract can't be created in any way.
This issue discussed in ethereum/EIPs#684.
Tools Used
Recommended Mitigation Steps
Can be given permission to owner for change create mechanism if creating of specific pair is reverted. Another way is use a nonce value.Start with 0 and if contract creation is reverted increase nonce value 1.
There is a exapmle code for using nonce escape mechanism.
https://imgur.com/sTa3Vwd
The text was updated successfully, but these errors were encountered: