Closed code423n4 closed 2 years ago
Disputed because the method signatures in reference are completely out of our control, as they're part of EIPs we implement.
Non-issue, as the compiler will resolve collisions (or flag them): https://ethereum.stackexchange.com/questions/46182/how-does-the-evm-resolve-method-id-collision
Handle
defsec
Vulnerability details
Impact
The fallback function of Identity.sol checks the methods of functions and calls the appropriate function. Selectors are only 4 bytes long so there is a theoretical probability of a collision (e.g. two functions having the same method).
This is comparable to the "birthday attack": https://en.wikipedia.org/wiki/Birthday_attack The probability of a collision when you have 93 different functions is 10^−6. Due to the structure of Identity.sol, the Solidity compiler does not prevent collisions.
Proof of Concept
The code:
https://github.com/code-423n4/2021-10-ambire/blob/bc01af4df3f70d1629c4e22a72c19e6a814db70d/contracts/Identity.sol#L40
Tools Used
None
Recommended Mitigation Steps
Double-check (perhaps via a continuous integration script / GitHub workflow) that there are no collisions of the methods.
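A sketch of the continuous integration check recommended above, as an added example that is not part of the original report or of the project's code. The function names and the `SAMPLE` signature list are constructed for illustration (it is not the selector set handled by Identity.sol), and Keccak-256 is implemented inline because Python's `hashlib.sha3_256` uses the NIST padding and yields different selectors.

```python
M = (1 << 64) - 1
def _rol(v, n):
    return ((v << n % 64) | (v >> (64 - n % 64))) & M

def _f1600(A):
    # Keccak-f[1600] permutation over 25 64-bit lanes stored as A[x + 5*y].
    r = 1
    for _ in range(24):
        C = [A[x] ^ A[x+5] ^ A[x+10] ^ A[x+15] ^ A[x+20] for x in range(5)]  # theta
        D = [C[(x+4) % 5] ^ _rol(C[(x+1) % 5], 1) for x in range(5)]
        A = [A[i] ^ D[i % 5] for i in range(25)]
        x, y, cur = 1, 0, A[1]                                                # rho + pi
        for t in range(24):
            x, y = y, (2*x + 3*y) % 5
            cur, A[x + 5*y] = A[x + 5*y], _rol(cur, (t+1)*(t+2)//2)
        A = [A[i] ^ (~A[(i+1) % 5 + i - i % 5] & A[(i+2) % 5 + i - i % 5]) for i in range(25)]  # chi
        for j in range(7):                                                    # iota (LFSR round constant)
            r = ((r << 1) ^ ((r >> 7) * 0x71)) & 0xFF
            if r & 2:
                A[0] ^= 1 << ((1 << j) - 1)
    return A

def keccak256(data: bytes) -> bytes:
    # Original Keccak padding (suffix 0x01) as used by the EVM, rate 136 bytes.
    rate = 136
    buf = bytearray(data) + b"\x01" + bytes(-(len(data) + 1) % rate)
    buf[-1] |= 0x80
    A = [0] * 25
    for off in range(0, len(buf), rate):
        for i in range(rate // 8):
            A[i] ^= int.from_bytes(buf[off + 8*i: off + 8*i + 8], "little")
        A = _f1600(A)
    return b"".join(v.to_bytes(8, "little") for v in A[:4])

def selector(signature: str) -> str:
    return keccak256(signature.encode())[:4].hex()

def find_collisions(signatures):
    # Group distinct signatures by selector; any group larger than one is a clash.
    groups = {}
    for sig in set(signatures):
        groups.setdefault(selector(sig), []).append(sig)
    return {s: sorted(g) for s, g in groups.items() if len(g) > 1}

def birthday_bound(n: int, bits: int = 32) -> float:
    return n * (n - 1) / 2 / 2 ** bits  # approximate collision chance for n random selectors

# Constructed sample list; two entries are a publicly documented colliding pair.
SAMPLE = ["transfer(address,uint256)", "burn(uint256)",
          "onERC721Received(address,address,uint256,bytes)",
          "collate_propagate_storage(bytes16)"]
```

In a workflow, the signature list would come from the contract ABIs plus any selectors matched by hand in a fallback function, and the job would fail whenever `find_collisions` returns a non-empty result.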