Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

Latest commit

 

History

History
26 lines (18 loc) · 914 Bytes

001.md

File metadata and controls

26 lines (18 loc) · 914 Bytes
Raw

csanuragjain

medium

Salt used in create is not random enough

Summary

It is possible for 2 users to use the same param while calling create function at AutoRollerFactory.sol#L41 Only the first caller with succeed, since both call will have same args for Create2 call

Vulnerability Detail

  1. User X uses create function with rewardRecipient as A, Target Duration T
  2. User Y also wants to create an AutoRoller with rewardRecipient as A and Target Duration T
  3. But User Y cannot create the same since User X has already deployed the contract.

Impact

User Y will be forced, to use another user deployed AutoRoller (who has used up the rewardRecipient which User Y wished)

Code Snippet

https://github.com/sherlock-audit/2022-11-sense/blob/main/contracts/src/AutoRollerFactory.sol#L60

Tool used

Manual Review

Recommendation

Add nonce while creating AutoRoller which will prevent collision