Ivshti
commented
2 years ago disputed cause the method signatures in reference are completely out of our control, as they're part of EIPs we implement
Closed code423n4 closed 2 years ago
Ivshti
commented
2 years ago disputed cause the method signatures in reference are completely out of our control, as they're part of EIPs we implement
GalloDaSballo
commented
2 years ago Non issue as the compiler will resolve collisions (or flag them) https://ethereum.stackexchange.com/questions/46182/how-does-the-evm-resolve-method-id-collision
Handle
defsec
Vulnerability details
Impact
The fallback function of Identity.sol checks the methods of functions and calls the appropriate function. Selectors are only 4 bytes long so there is a theoretical probability of a collision (e.g. two functions having the same method).
This is comparable to the "birthday attack" : https://en.wikipedia.org/wiki/Birthday_attack The probability of a collision when you have 93 different functions is 10^−6. Due to the structure of the Identity.sol, the solidity compiler does not prevent collisions
Proof of Concept
The codes
https://github.com/code-423n4/2021-10-ambire/blob/bc01af4df3f70d1629c4e22a72c19e6a814db70d/contracts/Identity.sol#L40
Tools Used
None
Recommended Mitigation Steps
Double check (perhaps via a continuous integration script / github workflow), that there are no collisions of the methods.