code-423n4 / 2023-11-shellprotocol-findings

7 stars 7 forks source link

Custom Ether Address Representation in Shell Protocol's Constructor #249

Closed c4-bot-2 closed 10 months ago

c4-bot-2 commented 10 months ago

Lines of code

https://github.com/code-423n4/2023-11-shellprotocol/blob/485de7383cdf88284ee6bcf2926fb7c19e9fb257/src/adapters/CurveTricryptoAdapter.sol#L100

Vulnerability details

Impact

The hardcoded custom representation of Ether in the Shell Protocol's adapter for the Curve Tricrypto pool (using address(0x4574686572)), deviates from standard Ethereum practices and introduces the risk of address collisions. This could potentially lead to operational issues within the protocol, such as incorrect token handling or unintended interactions with other contracts.

Proof of Concept

The specific concern is that the custom Ether address might coincidentally match an actual Ethereum contract address due to the probabilistic nature of Ethereum address generation. This can result in:

Tools Used

Recommended Mitigation Steps

Assessed type

Access Control

c4-pre-sort commented 10 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 10 months ago

raymondfam marked the issue as primary issue

raymondfam commented 10 months ago

It's simply hexadecimal(ascii("Ether")), no address is entailed.

c4-judge commented 10 months ago

0xA5DF marked the issue as unsatisfactory: Invalid

0xA5DF commented 10 months ago

The specific concern is that the custom Ether address might coincidentally match an actual Ethereum contract address due to the probabilistic nature of Ethereum address generation.

This is as likely as finding the private key to the zero address