code-423n4 / 2023-11-panoptic-findings

0 stars 0 forks source link

Upgraded Q -> 2 from #581 [1703633976168] #640

Closed c4-judge closed 10 months ago

c4-judge commented 10 months ago

Judge has assessed an item in Issue #581 as 2 risk. The relevant finding follows:

[L-08] Address Collision Risk in Callback Validation Logic** Contract: CallbackLib.sol The validateCallback function employs deterministic address computation to verify the authenticity of a Uniswap pool. This approach is based on the assumption that the address derived from the contract’s creation bytecode and the creator’s address is unique. However, this method is susceptible to address collision risks, where a different contract, under specific circumstances, might share the same computed address, leading to erroneous validation.

Suggested Fix: Strengthen the validation logic by incorporating additional checks beyond address computation. This could involve maintaining a registry of verified pool addresses or introducing cryptographic verification methods that ensure the uniqueness and legitimacy of the pool beyond its address.

Code Snippet: function validateCallback( address sender, address factory, PoolFeatures memory features ) internal pure { // existing logic to compute and compare addresses if ( address( uint160( uint256( keccak256( abi.encodePacked( bytes1(0xff), factory, keccak256(abi.encode(features)), Constants.V3POOL_INIT_CODE_HASH ) ) ) ) ) != sender ) revert Errors.InvalidUniswapCallback(); }

c4-judge commented 10 months ago

Picodes marked the issue as duplicate of #247

c4-judge commented 10 months ago

Picodes marked the issue as satisfactory

c4-judge commented 10 months ago

Picodes marked the issue as partial-50

Picodes commented 10 months ago

Giving partial credit as this report doesn't discuss the feasability