Closed code423n4 closed 1 year ago
https://github.com/code-423n4/2023-01-drips/blob/9fd776b50f4be23ca038b1d0426e63a69c7a511d/src/Managed.sol#L137
_erc1967Slot function is called in 4 files but is not encoded correctly.
bytes32(uint256(keccak256(bytes(name))) - 1); should be written as bytes32(uint256(keccak256(abi.encode(bytes(name)))) - 1);
Manual Review
Wrap it with abi.encode to ensure it is a right hashing
Lacks proof https://ethereum.stackexchange.com/questions/9142/how-to-convert-a-string-to-bytes32
GalloDaSballo marked the issue as unsatisfactory: Insufficient proof
Lines of code
https://github.com/code-423n4/2023-01-drips/blob/9fd776b50f4be23ca038b1d0426e63a69c7a511d/src/Managed.sol#L137
Vulnerability details
Impact
_erc1967Slot function is called in 4 files but is not encoded correctly.
Proof of Concept
bytes32(uint256(keccak256(bytes(name))) - 1); should be written as bytes32(uint256(keccak256(abi.encode(bytes(name)))) - 1);
Tools Used
Manual Review
Recommended Mitigation Steps
Wrap it with abi.encode to ensure it is a right hashing