VIS-2 / taobank-04-24


Possibility of a reorg attack #2

Open 0xMilenov opened 5 months ago

0xMilenov commented 5 months ago

Impact

Severity: High Likelihood: Medium

Context

VaultDeployer::deployVault()

Description

The VaultFactory::createVault() function creates a new vault and returns its address. However, the address of the newly created vault is determined using the VaultDeployer::deployVault() function, which deploys the vault using the CREATE opcode. This opcode generates the contract address based on the contract creator's address and nonce.

function deployVault(
    address _factory,
    address _vaultOwner,
    string memory _name
) external returns (address) {
    // Deploy a new instance of the Vault contract
@>  Vault vault = new Vault( // @audit CREATE opcode
        _factory,
        _vaultOwner,
        _name,
        vaultExtraSettings
    );
    return address(vault);
}

The predictable nature of this address generation method (based on nonce) poses a risk, particularly in the event of blockchain reorganizations (reorgs).

During a reorg, transactions (including contract creations) might be rolled back, resetting the nonce. An attacker observing the network could exploit this by deploying their own contract with the same address during a reorg, especially in networks susceptible to reorgs, and intercept funds or interactions meant for the original contract.

Arbitrum rollups (Optimism/Arbitrum/Polygon) are susceptible to reorgs since if someone finds a fraud the blocks will be reverted, even though the user receives a confirmation and already created a vault.

Attack scenario:

  1. Alice deploys a vault and sends funds to it via VaultFactory::addCollateralNative()
  2. Bob observes a network block reorg and calls VaultFactory::createVault(), creating a vault with an address to which Alice sends funds.
  3. Alice's transactions are executed, and she transfers funds to Bob's controlled vault.

Recommendation

To mitigate this risk, it is recommended to use the CREATE2 opcode for deploying new vault contracts. The CREATE2 opcode allows for a more unpredictable and safer contract address generation by including a user-provided salt value along with the deployer's address and nonce.
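The point of the finding and of the recommendation above can be checked numerically. The following Python script is an added example, not part of this issue or of the TaoBank contracts: it implements the two address derivations Ethereum actually uses (CREATE: keccak256(rlp([sender, nonce]))[12:]; CREATE2 per EIP-1014: keccak256(0xff ++ sender ++ salt ++ keccak256(init_code))[12:]) with an inline keccak-256 so it runs offline, checks them against the published test vectors, and then models the reorg scenario: the same deployer at the same nonce creates a vault for owner A and then for owner B. Under CREATE the two addresses are identical, because constructor arguments never enter the derivation; under CREATE2 with a salt derived from the owner (and the owner in the init code) they differ. The deployer, owner and vault-bytecode values are constructed stand-ins, and `reorg_collision` is a hypothetical helper name.

```python
# Added example: CREATE vs CREATE2 address derivation and the reorg collision.
# Not code from the issue or the TaoBank project. Addresses, nonce and the
# "vault creation code" below are constructed values for illustration only.

MASK64 = (1 << 64) - 1

# Keccak-f[1600] round constants and rotation offsets (indexed ROT[x][y]).
RC = [
    0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
    0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
    0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
    0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
    0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
    0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008,
]
ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
       [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]


def _rol(v, n):
    return ((v << n) | (v >> (64 - n))) & MASK64


def _keccak_f(lanes):
    # lanes: 25 64-bit words, lane (x, y) stored at index x + 5*y
    for rnd in range(24):
        c = [lanes[x] ^ lanes[x + 5] ^ lanes[x + 10] ^ lanes[x + 15] ^ lanes[x + 20] for x in range(5)]
        d = [c[(x - 1) % 5] ^ _rol(c[(x + 1) % 5], 1) for x in range(5)]
        lanes = [lanes[i] ^ d[i % 5] for i in range(25)]          # theta
        b = [0] * 25
        for x in range(5):
            for y in range(5):                                       # rho + pi
                b[y + 5 * ((2 * x + 3 * y) % 5)] = _rol(lanes[x + 5 * y], ROT[x][y])
        lanes = [b[i] ^ ((~b[(i % 5 + 1) % 5 + 5 * (i // 5)]) & b[(i % 5 + 2) % 5 + 5 * (i // 5)])
                 for i in range(25)]                                 # chi
        lanes[0] ^= RC[rnd]                                          # iota
    return lanes


def keccak256(data: bytes) -> bytes:
    """Original Keccak-256 (0x01 padding), as used by the EVM; not SHA3-256."""
    rate = 136
    msg = bytearray(data) + b"\x01"
    msg += b"\x00" * (-len(msg) % rate)
    msg[-1] |= 0x80
    lanes = [0] * 25
    for off in range(0, len(msg), rate):
        for i in range(rate // 8):
            lanes[i] ^= int.from_bytes(msg[off + 8 * i: off + 8 * i + 8], "little")
        lanes = _keccak_f(lanes)
    return b"".join(l.to_bytes(8, "little") for l in lanes)[:32]


def _rlp_bytes(b: bytes) -> bytes:          # short string (< 56 bytes)
    return bytes([0x80 + len(b)]) + b


def _rlp_int(n: int) -> bytes:
    if n == 0:
        return b"\x80"
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return raw if n < 0x80 else bytes([0x80 + len(raw)]) + raw


def create_address(sender: bytes, nonce: int) -> bytes:
    """CREATE: keccak256(rlp([sender, nonce]))[12:]. Constructor args play no part."""
    payload = _rlp_bytes(sender) + _rlp_int(nonce)
    return keccak256(bytes([0xC0 + len(payload)]) + payload)[12:]


def create2_address(sender: bytes, salt: bytes, init_code: bytes) -> bytes:
    """CREATE2 (EIP-1014): keccak256(0xff ++ sender ++ salt ++ keccak256(init_code))[12:]."""
    return keccak256(b"\xff" + sender + salt + keccak256(init_code))[12:]


def reorg_collision(deployer: bytes, owner_a: bytes, owner_b: bytes):
    """Model the finding: after a reorg rolled the first deployment back, the deployer
    is at the same nonce when it deploys a vault for owner A and then one for owner B.
    Returns (addresses collide under CREATE, addresses collide under CREATE2)."""
    nonce = 7                                   # constructed: deployer nonce at both deployments
    vault_code = b"\x60\x00\x60\x00\xf3"        # constructed stand-in for the Vault creation code
    via_create = (create_address(deployer, nonce), create_address(deployer, nonce))
    # CREATE2 with salt = keccak256(owner); the owner is also a constructor arg in init_code
    via_create2 = (create2_address(deployer, keccak256(owner_a), vault_code + owner_a),
                   create2_address(deployer, keccak256(owner_b), vault_code + owner_b))
    return via_create[0] == via_create[1], via_create2[0] == via_create2[1]


if __name__ == "__main__":
    deployer, alice, bob = b"\x11" * 20, b"\xaa" * 20, b"\xbb" * 20   # constructed
    print("CREATE collides:", reorg_collision(deployer, alice, bob)[0])
    print("CREATE2 collides:", reorg_collision(deployer, alice, bob)[1])
```

The salt choice is what makes CREATE2 a fix rather than a relabelling: a salt that the factory derives from the caller (here keccak256(owner)) means a different caller at the same nonce lands on a different address, so a rolled-back deployment cannot be replayed onto the address a user already funded.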