Egis-Security / CTF_Challenge

Repository containing CTF challenges from nmirchev8, deth and bOgO.

deth_ctf - computeAddress() precompute the address wrongly #6

Open Kaiziron opened 2 months ago

Kaiziron commented 2 months ago

Description

computeAddress() precomputes the vault address wrongly. The constructor takes the owner address as an argument, but it uses only the creation code of the vault when precomputing the address, resulting in a wrong address.

Impact

The precomputed address will be wrong.

Solution

Include the constructor argument msg.sender when precomputing the address:

    function computeAddress() public view returns (address) {
        bytes32 salt = bytes32(uint256(uint160(msg.sender)));
        return address(uint160(uint256(keccak256(abi.encodePacked(
            bytes1(0xff),
            address(this),
            salt,
            keccak256(abi.encodePacked(type(Vault).creationCode, abi.encode(msg.sender)))
        )))));
    }

0xdeth commented 2 months ago

Very good, this was the original issue!

Gj @Kaiziron.
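
The mismatch discussed in this issue, as an added example that is not part of the thread or of the repository's code: a CREATE2 deployment compared against both ways of precomputing the address. The `Vault` stand-in, the `Create2Check` contract and all of its function names are hypothetical and assume only what the issue states (a constructor taking the owner address, and a salt derived from `msg.sender`).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed stand-in for the challenge's Vault; only the constructor shape matters.
contract Vault {
    address public owner;

    constructor(address _owner) {
        owner = _owner;
    }
}

// Hypothetical harness written for this example, not the challenge's factory.
contract Create2Check {
    // Same salt derivation as in the issue's snippet.
    function saltFor(address user) public pure returns (bytes32) {
        return bytes32(uint256(uint160(user)));
    }

    // CREATE2 address = last 20 bytes of keccak256(0xff ++ deployer ++ salt ++ keccak256(initCode)).
    // initCode is the creation code followed by the ABI-encoded constructor arguments.
    function predict(address user, bool withArgs) public view returns (address) {
        bytes memory initCode = withArgs
            ? abi.encodePacked(type(Vault).creationCode, abi.encode(user))
            : type(Vault).creationCode;
        return address(uint160(uint256(keccak256(abi.encodePacked(
            bytes1(0xff),
            address(this),
            saltFor(user),
            keccak256(initCode)
        )))));
    }

    // Deploys a Vault with CREATE2 and compares the real address with both predictions.
    // A second call from the same sender reverts, because that salt is already used.
    function check() external returns (bool matchesWithArgs, bool matchesWithoutArgs) {
        address deployed = address(new Vault{salt: saltFor(msg.sender)}(msg.sender));
        matchesWithArgs = deployed == predict(msg.sender, true);
        matchesWithoutArgs = deployed == predict(msg.sender, false);
    }
}
```

Calling `check()` yields `matchesWithArgs == true` and `matchesWithoutArgs == false`, since the hash of the bare creation code differs from the hash of the init code that was actually executed.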