deth_ctf - codeHash check in deployVault does not correctly check for non-empty address, malicious user can self-destruct 1 wei to prevent an account from creating a vault forever.
#28
Comments
IkiliagwuC
changed the title
deployVault does not correctly check for non-empty addressdeployVault does not correctly check for non-empty address
|
The solution is not good. You should use |
IkiliagwuC
changed the title
deployVault does not correctly check for non-empty addressdeployVault does not correctly check for non-empty address, malicious user can self-destruct 1 wei to prevent an account from creating a vault forever.
|
Duplicate of #9. |
0xdeth
added
bug
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description of the Bug: In the deployVault function users can deploy vaults to a computeAddress, a malicious user can compute anothers user's Vaultaddress, and forcefully(self-destruct) send 1 wei to the computed address to lock the user out of the protocol vault creation forever .
Because the check
vaultAddress.codehash != bytes32(0)fails even if the vault has not been deployed but contains some ether(as little as 1 wei).Impact: Users can be locked out of vault creation forever at very little expense by attacker(1 wei)
Solution: add this check if (vaultAddress.codehash != bytes32(0)) && vaultAddress.codehash != keccak256("") return VaultAlreadyDeployed;
The text was updated successfully, but these errors were encountered: