sherlock-audit / 2024-08-winnables-raffles-judging


Creamy Scarlet Cottonmouth - "uint64 chainSelector" may affect "function _packCCIPContract" in contract "BaseCCIPContract" and the like. #644

Closed sherlock-admin4 closed 3 months ago

sherlock-admin4 commented 3 months ago

Creamy Scarlet Cottonmouth

Low/Info

"uint64 chainSelector" may affect "function _packCCIPContract" in contract "BaseCCIPContract" and the like.

Summary

Unintended return value on chainSelector

chainSelector has a uint value of 64 and has been left-shifted by 160 before being typecast to uint256. This may return the value of zero for this part of the code.

Root Cause

In BaseCCIPContract.sol[line43]:

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

When function "_packCCIPContract" this is what happens:

PoC

No response

Mitigation

The mitigation to this is the following:

- uint256(uint160(contractAddress)) | uint256(chainSelector << 160)
+ uint256(uint160(contractAddress)) | uint256(chainSelector) << 160
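
Review bot: on the `+` line the widened term is left unparenthesised, so the expression relies on `<<` binding tighter than `|`. Writing it as `uint256(uint160(contractAddress)) | (uint256(chainSelector) << 160)` makes the grouping explicit. A unit test that packs a non-zero `chainSelector` and checks that the bits above position 160 of the result are non-zero would keep the cast from drifting back inside the shift.
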
sherlock-admin2 commented 2 months ago

The protocol team fixed this issue in the following PRs/commits: https://github.com/Winnables/public-contracts/pull/7
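
The truncation described in the issue summary can be reproduced in isolation. The contract below is an added example, not code from the Winnables repository or from the issue author. The contract name `PackCCIPDemo` and all function names are hypothetical, and it assumes Solidity 0.8.x, where a shift result takes the type of its left operand.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added illustration only; names are hypothetical, not the project's.
contract PackCCIPDemo {
    /// Form from the "-" line: the shift is evaluated in uint64, so every
    /// bit of chainSelector is shifted out before the cast to uint256.
    function packTruncating(address contractAddress, uint64 chainSelector)
        public pure returns (uint256)
    {
        return uint256(uint160(contractAddress)) | uint256(chainSelector << 160);
    }

    /// Form from the "+" line (parenthesised): widen to uint256 first,
    /// then shift, so the selector lands in bits 160..223.
    function packWidened(address contractAddress, uint64 chainSelector)
        public pure returns (uint256)
    {
        return uint256(uint160(contractAddress)) | (uint256(chainSelector) << 160);
    }

    /// Inverse of packWidened: low 160 bits are the address,
    /// the next 64 bits are the chain selector.
    function unpack(uint256 packed)
        public pure returns (address contractAddress, uint64 chainSelector)
    {
        contractAddress = address(uint160(packed));
        chainSelector = uint64(packed >> 160);
    }

    /// Compares both forms for one input. For any non-zero selector the
    /// first flag is true (selector lost) and the second is true (round trip).
    function check(address a, uint64 selector)
        external pure returns (bool truncatedLosesSelector, bool widenedRoundTrips)
    {
        (, uint64 s1) = unpack(packTruncating(a, selector));
        (address a2, uint64 s2) = unpack(packWidened(a, selector));
        truncatedLosesSelector = (s1 == 0);
        widenedRoundTrips = (a2 == a && s2 == selector);
    }
}
```

Calling `check` with any address and a non-zero selector returns `(true, true)`: the truncating form yields a packed value that carries only the address, while the widened form preserves both fields.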