sherlock-admin
commented
11 months ago 1 comment(s) were left on this issue during the judging contest.
n33k commented:
invalid, not showing how it will revert and how the fund could be lost, sugguest demonstrate with a PoC
helpMePlease
medium
no check on return value of
create3The
deployfunction is used to deploy contracts. The function does not revert properly if there is a failed contract deployment or revert from the create3 opcode as it does not properly check the returned address.Vulnerability Detail
see summary
Impact
If the function fails to deploy the contract the code will still assume that the deployment is successful which will cause unexpected issues.
Code Snippet
https://github.com/sherlock-audit/2023-09-Gitcoin/blob/main/allo-v2/contracts/factory/ContractFactory.sol#L105
Tool used
Manual Review
Recommendation
The recommended mitigation was to update iszero(deployedContract) to iszero(extcodesize(deployedContract))