Upgraded Q -> 2 from #581 [1703633976168] #640
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
duplicate-247
partial-50
Incomplete articulation of vulnerability; eligible for partial credit only (50%)
Judge has assessed an item in Issue #581 as 2 risk. The relevant finding follows:
[L-08] Address Collision Risk in Callback Validation Logic**
Contract: CallbackLib.sol
The validateCallback function employs deterministic address computation to verify the authenticity of a Uniswap pool. This approach is based on the assumption that the address derived from the contract’s creation bytecode and the creator’s address is unique. However, this method is susceptible to address collision risks, where a different contract, under specific circumstances, might share the same computed address, leading to erroneous validation.
Suggested Fix:
Strengthen the validation logic by incorporating additional checks beyond address computation. This could involve maintaining a registry of verified pool addresses or introducing cryptographic verification methods that ensure the uniqueness and legitimacy of the pool beyond its address.
Code Snippet:
function validateCallback(
address sender,
address factory,
PoolFeatures memory features
) internal pure {
// existing logic to compute and compare addresses
if (
address(
uint160(
uint256(
keccak256(
abi.encodePacked(
bytes1(0xff),
factory,
keccak256(abi.encode(features)),
Constants.V3POOL_INIT_CODE_HASH
)
)
)
)
) != sender
) revert Errors.InvalidUniswapCallback();
}
The text was updated successfully, but these errors were encountered: