code-423n4 / 2023-04-eigenlayer-findings


`_deployPod()` is using hardcoded salt value which can cause issues #422

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/Layr-Labs/eigenlayer-contracts/blob/dbeb85bcd0476e06b8feebf07e33f8a53d54c029/src/contracts/pods/EigenPodManager.sol#L170

Vulnerability details

Impact

_deployPod() deploys a pod, but there is a hardcoded salt value of 0, which can cause issues.

Proof of Concept

There is a risk of address collisions if two different users call the _deployPod function with the same input parameters at the same time. This could result in the same contract being deployed to two different addresses or there is a chance that it will be deployed to the same address, leading to an address collision, which could cause unexpected behavior in the system.

Tools Used

manual review

Recommended Mitigation Steps

It's recommended not to use the same salt value; better to use a random one.

Assessed type

Other

0xSorryNotSorry commented 1 year ago

Create2 uses msg.sender while deploying the contract. So it will result in different msg.sender, different address flow.

Invalid assumption.

c4-pre-sort commented 1 year ago

0xSorryNotSorry marked the issue as low quality report

GalloDaSballo commented 1 year ago

Incorrect

c4-judge commented 1 year ago

GalloDaSballo marked the issue as unsatisfactory: Invalid