Closed c4-submissions closed 12 months ago
raymondfam marked the issue as low quality report
raymondfam marked the issue as duplicate of #129
alex-ppg marked the issue as not a duplicate
The relevant nonce increment statement will never realistically overflow; the number of deployments that would need to occur for such an operation are incomprehensible. In detail, the total number of all addresses on Ethereum would have actually run out roughly 2**96
times.
Additionally, callers are free to utilize other _salt
values. As such, this exhibit is invalid.
alex-ppg marked the issue as unsatisfactory: Invalid
Hi @alex-ppg Thanks for judging.
I would like to add below points on why this issue is cause of concern.
Since the hash value is computed by using the keccak256(abi.encodePacked(_ownersHash, ownerSafeCount[_ownersHash]++, _salt, VERSION))
, is really difficult to predict which value would cause the overflow.
We have seen in other contracts which we audited, where the hashing and type conversion is done using the unchecked
in order to avoid unnecessary revert which would cause glitches in functioning the system steadily.
I agree that user can change the input salt value, but it is practically tough to go trial and error method to pick a salt value when revert happen randomly / continuously when the other values are dynamic.
This issue would be glitch which cause unpleasant to users. We would see this as temporary DOS.
This issue will happen randomly and will impact most of the users.
I fully respect the judges decision on this issue.
Thanks!
Hey @aktech297, thank you for chiming in!
The ownerSafeCount
value is mutated in a single instance of the codebase; the referenced post-fix increment statement (ownerSafeCount[_ownersHash]++
).
This means that the value of ownerSafeCount
is incremented by 1
each time the SafeDeployer::_genNonce
function is invoked. This function will successfully increment the ownerSafeCount
solely in the following scenarios:
As such, each 1
value increment of the ownerSafeCount
means that an address
in the blockchain is occupied by a smart contract.
Given that an address
is a uint160
value under the hood, this means that we would have to deploy a smart contract on every possible address on Ethereum before we are even close to an overflow occurring.
To add one last statement to this response, permitting overflows to occur in this case would actually cause the code to always fail as a deployment would have already existed on the overflown 0
value.
In summary, for all intents and purposes that the EVM permits an overflow will not occur in our lifetimes and even if it did, an unchecked
tag would not solve it.
Lines of code
https://github.com/code-423n4/2023-10-brahma/blob/dd0b41031b199a0aa214e50758943712f9f574a0/contracts/src/core/SafeDeployer.sol#L228 https://github.com/code-423n4/2023-10-brahma/blob/dd0b41031b199a0aa214e50758943712f9f574a0/contracts/src/core/SafeDeployer.sol#L240 https://github.com/code-423n4/2023-10-brahma/blob/dd0b41031b199a0aa214e50758943712f9f574a0/contracts/src/core/SafeDeployer.sol#L253
Vulnerability details
Impact
Genosis safe account can not be created due to overflow of _genNonce
Proof of Concept
The contract
SafeDeployer
deploy the Genosys safe account. To this, there are set of function which accomplish this task.First the function
deployConsoleAccount
will be called with relevant input parameters. This calls the_createSafe
function to create the safe account.when we look at the
_createSafe
function, it has the logic to calculate and deploy the Genosys safe account.nonce value is generate based on owners and user provided salt.
https://github.com/code-423n4/2023-10-brahma/blob/dd0b41031b199a0aa214e50758943712f9f574a0/contracts/src/core/SafeDeployer.sol#L219-L245
as mentioned in above function, the nonce value is calculated by calling the function _genNonce. when we look at the function
https://github.com/code-423n4/2023-10-brahma/blob/dd0b41031b199a0aa214e50758943712f9f574a0/contracts/src/core/SafeDeployer.sol#L253-L255
Tools Used
Manual review
Recommended Mitigation Steps
Use unchecked { based function implementation to avoid the revert due to overflow.
Assessed type
Under/Overflow