hats-finance / HATs-Arbitration-Contracts-0x79a618f675857b45934ca1c413fd5f409cf89735

MIT License

`HATPaymentSplitterFactory.predictSplitterAddress` can predict invalid splitter addresses, which can lead to user loss of funds #48

Closed hats-bug-reporter[bot] closed 10 months ago

hats-bug-reporter[bot] commented 11 months ago

Github username: @aviggiano
Submission hash (on-chain): 0xc2da62902c49f6013d1ffe9aebfc1ab1a44aba778215d6208bde9d9edd2095d8
Severity: low

Description

The function predictSplitterAddress from HATPaymentSplitterFactory uses Clones.predictDeterministicAddress to predict the deployment address of a HATPaymentSplitter.

The issue is that HATPaymentSplitter.__PaymentSplitter_init has input validation that prevents the creation of certain payment splitters:

```solidity
function __PaymentSplitter_init_unchained(address[] memory payees, uint256[] memory shares_) internal onlyInitializing {
    // Both checks below revert the initializer, so a clone initialised with such inputs can never exist
    require(payees.length == shares_.length, "PaymentSplitter: payees and shares length mismatch");
    require(payees.length > 0, "PaymentSplitter: no payees");

    for (uint256 i = 0; i < payees.length; i++) {
        _addPayee(payees[i], shares_[i]);
    }
}
```

This means that certain HATPaymentSplitterFactory.predictSplitterAddress addresses may never be created, if the input validation fails. As a result, if a user relies solely on HATPaymentSplitterFactory.predictSplitterAddress, and sends funds to this address before the payment splitter is deployed, the funds will be forever lost.

Recommendation

Add the input validation from HATPaymentSplitter.__PaymentSplitter_init to HATPaymentSplitterFactory.predictSplitterAddress so that the function reverts if an invalid input would result in a revert.
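Added illustration of the recommended fix (example code, not the project's own factory): an unchecked prediction next to a hardened one that mirrors the initializer's validation before calling Clones.predictDeterministicAddress. The salt derivation, the OpenZeppelin import path and the contract name are assumptions; the per-payee checks are those OpenZeppelin's _addPayee enforces.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/proxy/Clones.sol";

// Hypothetical sketch for illustration, not HATPaymentSplitterFactory itself.
contract SplitterFactoryExample {
    address public immutable implementation;

    constructor(address _implementation) {
        implementation = _implementation;
    }

    // Assumption: salt derived from the init parameters, so the predicted
    // address matches a later deployment made with the same inputs.
    function _salt(address[] memory payees, uint256[] memory shares_) internal pure returns (bytes32) {
        return keccak256(abi.encode(payees, shares_));
    }

    // Weak: returns an address for any input, even one whose initializer
    // would revert, so funds sent there ahead of deployment can be stranded.
    function predictSplitterAddressUnchecked(address[] memory payees, uint256[] memory shares_)
        external view returns (address)
    {
        return Clones.predictDeterministicAddress(implementation, _salt(payees, shares_), address(this));
    }

    // Hardened: reject inputs the initializer would reject before predicting.
    function predictSplitterAddress(address[] memory payees, uint256[] memory shares_)
        external view returns (address)
    {
        _validate(payees, shares_);
        return Clones.predictDeterministicAddress(implementation, _salt(payees, shares_), address(this));
    }

    // Same checks as __PaymentSplitter_init_unchained and _addPayee.
    function _validate(address[] memory payees, uint256[] memory shares_) internal pure {
        require(payees.length == shares_.length, "PaymentSplitter: payees and shares length mismatch");
        require(payees.length > 0, "PaymentSplitter: no payees");
        for (uint256 i = 0; i < payees.length; i++) {
            require(payees[i] != address(0), "PaymentSplitter: account is the zero address");
            require(shares_[i] > 0, "PaymentSplitter: shares are 0");
            for (uint256 j = 0; j < i; j++) {
                require(payees[j] != payees[i], "PaymentSplitter: account already has shares");
            }
        }
    }
}
```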