Skip to content
This repository has been archived by the owner on Dec 31, 2023. It is now read-only.

Latest commit

 

History

History
55 lines (33 loc) · 1.21 KB

133.md

File metadata and controls

55 lines (33 loc) · 1.21 KB

V1235813

medium

addressToShortString method gives same result for two different address (LOW)

Summary

In d3token addressToShortString method gives same result for two different address

Vulnerability Detail

Two different address was were giving in the addressToShortString method. There output were same

  1. 0x378C71dA117b43C1DC0abB15354FC40fBbcAEA9E
  2. 0x378c71DA117b43c1dC0ABb15354Fc40fBbcAea9d

output were same

378c71da 378c71da

Impact

Two different will have same shortString

Code Snippet

https://gist.github.com/ranevikram12/2880c6adc6d69c74482dcc8533aa2a07#file-gistfile1-txt-L29

function testAddressToShortStringSame() public { string memory adtEST2 = d3Token.addressToShortString( address(0x378C71dA117b43C1DC0abB15354FC40fBbcAEA9E) ); string memory adtEST3 = d3Token.addressToShortString( address(0x378c71DA117b43c1dC0ABb15354Fc40fBbcAea9d) );

    console.log("adtEST2 = ", adtEST2);
    console.log("adtEST3 = ", adtEST3);

    // both address are different but output is same
    assertEq(adtEST2, adtEST3);
}

Tool used

Foundry

Manual Review

Recommendation

It must have a way to make the string output unique