Closed sherlock-admin closed 9 months ago
2 comment(s) were left on this issue during the judging contest.
_rahul commented:
Invalid: Chain re-org and network liveness related issues are not considered valid.
pratraut commented:
'invalid as reorg will re-execute those txs and owner will have appropriate state'
jasonxiale
medium
VestingEscrowFactory.deployVestingContract
deploys contracts using clone, which is suspicious of the reorg attackSummary
Function VestingEscrowFactory.deployVestingContract deploys a new contract by calling vestingEscrowImpl.clone, and in function
LibClone.clone
,create
is used to create new contract.Because of
create
is used, the contract is suspicious of the reorg attack. Suppose that:VestingEscrow
, which is VE1, and VE2, then theVestingEscrowFactory.owner
calls VestingEscrow.revokeAll on VE1.VestingEscrow.revokeAll
tx is executed, it will executed on VE1 contract which is old VE2 contract, and this is against the VestingEscrowFactory.owner's willVulnerability Detail
Function VestingEscrowFactory.deployVestingContract deploys a new contract by calling vestingEscrowImpl.clone, and in function
LibClone.clone
,create
is used to create new contract.Because of
create
is used, the contract is suspicious of the reorg attack. Suppose that:VestingEscrow
, which is VE1, and VE2, then theVestingEscrowFactory.owner
calls VestingEscrow.revokeAll on VE1.VestingEscrow.revokeAll
tx is executed, it will executed on VE1 contract which is old VE2 contract, and this is against the VestingEscrowFactory.owner's willImpact
reorg attack
Code Snippet
https://github.com/sherlock-audit/2024-01-rio-vesting-escrow/blob/main/rio-vesting-escrow/src/VestingEscrowFactory.sol#L64-L69
Tool used
Manual Review
Recommendation
using
LibClone.cloneDeterministic
instead ofLibClone.clone
Duplicate of #66