Platform: Code4rena
Start Date: 07/06/2022
Pot Size: $75,000 USDC
Total HM: 11
Participants: 77
Period: 7 days
Judge: gzeon
Total Solo HM: 7
Id: 124
League: ETH
Rank: 11/77
Findings: 1
Award: $1,486.62
π Selected for report: 1
π Solo Findings: 0
π Selected for report: 0x52
Also found by: jonah1005, unforgiven
1486.6172 USDC - $1,486.62
Minting becomes impossible
onERC1155Received is only called when the size of the code deployed at the address contains code. Since create2 is used to deploy the contract, the address can be calculated before the contract is deployed. A malicious actor could send the address fCash of a different maturity or asset before the contract is deployed and since nothing has been deployed, onERC1155Received will not be called and the address will accept the fCash. After the contract is deployed and correct fCash is sent to the address, onERC1155Received will check the length of the assets held by the address and it will be more than 1 (fCash of correct asset and maturity and fCash with wrong maturity or asset sent before deployment). This will cause the contract to always revert essentially breaking the mint completely.
When the contract is created create a function that reads how many fCash assets are at the address and send them away if they aren't of the correct asset and maturity
#0 - jeffywu
2022-06-15T12:32:44Z
I will need to write a PoC to confirm that this is the case but it seems plausible to me.
#1 - jeffywu
2022-06-16T13:13:30Z
Based on the Judging Criteria, this does not result in loss of funds. This will result in a loss of availability (available funds actually increase).
My opinion is medium severity.
#2 - gzeoneth
2022-06-26T12:22:34Z
Judging this as Med Risk due to no loss of funds and only possible before contract deployment.