c4-judge
commented
1 year ago Picodes marked the issue as satisfactory
Open code423n4 opened 1 year ago
c4-judge
commented
1 year ago Picodes marked the issue as satisfactory
Lines of code
Vulnerability details
Issue mitigated
About the problem
This report is about reorg on the chain. In case if someone has created vault and sent funds to it and then reorg happens, then attacker can frontrun vault deploying in order to deploy that vault for himself and receive victim's funds. Usually, such bugs are not awarded as medium on c4.
Solution
As it was proposed by wardens, pool together team fixed issue with using
create2for vault deploying. Salt depends on caller and it's nonce. So in case of reorg, vault with same address will be created and funds will be safe.