[C4 Finding] Hook deployment is vulnerable to reorg situations #44

Closed
d1ll0n opened this issue Oct 9, 2024 · 1 comment

@d1ll0n
Contributor

d1ll0n commented Oct 9, 2024

Finding: Hook deployment is vulnerable to reorg situations

The issue is that the hooks instance addresses are derived solely from the contract nonce, so if there are reorgs on sidechains and multiple people had deployed in the same time period, the instance addresses could be swapped if the transactions are reordered. Low impact but worth addressing.

Solution: Use Create2 to deploy hooks instances, with salt derived from sender address and a partial salt provided by the caller (same as market salt derivation).

@laurenceday
Contributor

Fixed by 1a52863
