Github username: --
Twitter username: --
Submission hash (on-chain): 0x227834fdffe74832b3d90051b5e9b71f198a4e5f21b40e4e99355a3304f53f49
Severity: medium

Description:
Hard-coded value of SWAP_TARGET can become a DoS issue on the expansion of Velvet Capital to new chains.

Attack Scenario:
While the EnsoShortCut has been deployed to 0x38147794FF247e5Fc179eDbAE6C37fff88f68C52 on a bunch of chains like Ethereum, Polygon, and Arbitrum, the hard-coded value still limits the expansion to a new chain. An attacker using CREATE3 can mint this address on a different chain to cause a DoS or to ransom the project.

Attachments
Proof of Concept (PoC) File: https://blastscan.io/address/0x38147794FF247e5Fc179eDbAE6C37fff88f68C52
Revised Code File (Optional): Set the SWAP_TARGET on deployment in the constructor to allow dynamic setting of the SWAP_TARGET.
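
One way to implement the suggested fix, shown beside the hard-coded pattern (an added example, not Velvet Capital's code). Only SWAP_TARGET and the address come from the report; the contract names, the constructor parameters and the code-hash pinning are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Before (hypothetical contract name): the address is fixed in bytecode, so
// every deployment assumes the expected contract lives there on every chain.
contract SwapHandlerHardcoded {
    address constant SWAP_TARGET = 0x38147794FF247e5Fc179eDbAE6C37fff88f68C52;
}

// After (hypothetical contract name): the target is chosen per chain at
// deployment and validated before it is stored.
contract SwapHandlerConfigurable {
    address public immutable SWAP_TARGET;
    // Assumption: the deployer pins the runtime code hash of the audited
    // target, so an address holding different code is rejected.
    bytes32 public immutable SWAP_TARGET_CODEHASH;

    error ZeroSwapTarget();
    error SwapTargetHasNoCode(address target);
    error SwapTargetCodeMismatch(bytes32 expected, bytes32 actual);

    constructor(address swapTarget, bytes32 expectedCodeHash) {
        if (swapTarget == address(0)) revert ZeroSwapTarget();
        // An address with no code on this chain is not a usable swap target.
        if (swapTarget.code.length == 0) revert SwapTargetHasNoCode(swapTarget);
        // Same address is not enough: the code behind it must be the expected one.
        bytes32 actual = swapTarget.codehash;
        if (actual != expectedCodeHash) {
            revert SwapTargetCodeMismatch(expectedCodeHash, actual);
        }
        SWAP_TARGET = swapTarget;
        SWAP_TARGET_CODEHASH = expectedCodeHash;
    }

    // Monitoring helper: false if the code at SWAP_TARGET no longer matches
    // the hash pinned at deployment (for example after a self-destruct).
    function swapTargetIntact() external view returns (bool) {
        return SWAP_TARGET.codehash == SWAP_TARGET_CODEHASH;
    }
}
```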