Upgraded Q -> 2 from #581 [1702572385750] #630
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
duplicate-247
partial-50
Incomplete articulation of vulnerability; eligible for partial credit only (50%)
Comments
c4-judge
added
the
2 (Med Risk)
c4-judge
added a commit
that referenced
this issue
Dec 14, 2023
|
Picodes marked the issue as duplicate of #128 |
|
Picodes marked the issue as satisfactory |
c4-judge
added
satisfactory
|
Picodes marked the issue as partial-50 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Judge has assessed an item in Issue #581 as 2 risk. The relevant finding follows:
[L-08] Address Collision Risk in Callback Validation Logic**
Contract: CallbackLib.sol
The validateCallback function employs deterministic address computation to verify the authenticity of a Uniswap pool. This approach is based on the assumption that the address derived from the contract’s creation bytecode and the creator’s address is unique. However, this method is susceptible to address collision risks, where a different contract, under specific circumstances, might share the same computed address, leading to erroneous validation.
Suggested Fix:
Strengthen the validation logic by incorporating additional checks beyond address computation. This could involve maintaining a registry of verified pool addresses or introducing cryptographic verification methods that ensure the uniqueness and legitimacy of the pool beyond its address.
Code Snippet:
function validateCallback(
address sender,
address factory,
PoolFeatures memory features
) internal pure {
// existing logic to compute and compare addresses
if (
address(
uint160(
uint256(
keccak256(
abi.encodePacked(
bytes1(0xff),
factory,
keccak256(abi.encode(features)),
Constants.V3POOL_INIT_CODE_HASH
)
)
)
)
) != sender
) revert Errors.InvalidUniswapCallback();
}
The text was updated successfully, but these errors were encountered: