Open code423n4 opened 1 year ago
dmvt marked the issue as primary issue
vince0656 marked the issue as sponsor disputed
LSD is a protocol deployed on ETH only
Understood, but ETH can and has forked. It is also possible that you or a team that succeeds you changes your mind about multiple network deployments.
dmvt marked the issue as satisfactory
dmvt marked the issue as selected for report
The Wintermute attack mention is pure gaslighting, there is absolutely nothing scary about this possibility and the likelihood of it occurring is already practically zero. Without an impact stated no way it can be considered M by C4's definition of M. @GalloDaSballo
See my response in the post-judging qa discussion.
Lines of code
https://github.com/code-423n4/2022-11-stakehouse/blob/main/contracts/liquid-staking/LPTokenFactory.sol#L27-L48
Vulnerability details
Impact
Mistakes made on one chain can be re-applied to a new chain
There is no chain.id in the data
If a user does deployLPToken using the wrong network, an attacker can replay the action on the correct chain, and steal the funds à la the Wintermute Gnosis Safe attack, where the attacker can create the same address that the user tried to, and steal the funds from there: https://mirror.xyz/0xbuidlerdao.eth/lOE5VN-BHI0olGOXe27F0auviIuoSlnou_9t3XRJseY
Proof of Concept
Tools Used
Manual Code Review
Recommended Mitigation Steps
Include the chain.id