code-423n4 / 2023-11-panoptic-findings


Upgraded Q -> 2 from #581 [1703633976168] #640

Closed c4-judge closed 8 months ago

c4-judge commented 8 months ago

Judge has assessed an item in Issue #581 as 2 risk. The relevant finding follows:

[L-08] Address Collision Risk in Callback Validation Logic

Contract: CallbackLib.sol

The validateCallback function employs deterministic address computation to verify the authenticity of a Uniswap pool. This approach is based on the assumption that the address derived from the contract’s creation bytecode and the creator’s address is unique. However, this method is susceptible to address collision risks, where a different contract, under specific circumstances, might share the same computed address, leading to erroneous validation.

Suggested Fix: Strengthen the validation logic by incorporating additional checks beyond address computation. This could involve maintaining a registry of verified pool addresses or introducing cryptographic verification methods that ensure the uniqueness and legitimacy of the pool beyond its address.

Code Snippet:

```solidity
function validateCallback(
    address sender,
    address factory,
    PoolFeatures memory features
) internal pure {
    // existing logic to compute and compare addresses
    if (
        address(
            uint160(
                uint256(
                    keccak256(
                        abi.encodePacked(
                            bytes1(0xff),
                            factory,
                            keccak256(abi.encode(features)),
                            Constants.V3POOL_INIT_CODE_HASH
                        )
                    )
                )
            )
        ) != sender
    ) revert Errors.InvalidUniswapCallback();
}
```

c4-judge commented 8 months ago

Picodes marked the issue as duplicate of #247

c4-judge commented 8 months ago

Picodes marked the issue as satisfactory

c4-judge commented 8 months ago

Picodes marked the issue as partial-50

Picodes commented 8 months ago

Giving partial credit as this report doesn't discuss the feasibility