Canto Application Specific Dollars and Bonding Curves for 1155s - young's results

Lines of code

https://github.com/code-423n4/2023-11-canto/blob/335930cd53cf9a137504a57f1215be52c6d67cb3/asD/src/asDFactory.sol#L34

Vulnerability details

Impact

It's known that the create OP code calculates the address using address = hash(creatorAddr,creatorNonce). This is vulnerable when the network is not that stable and may suffer from Reorg Attack. For chains like Polygon, Op, Arb, reorg could happen and thus unintended situations may occur.

    function create(string memory _name, string memory _symbol) external returns (address) {
        asD createdToken = new asD(_name, _symbol, msg.sender, cNote, owner());
        isAsD[address(createdToken)] = true;
        emit CreatedToken(address(createdToken), _symbol, _name, msg.sender);
        return address(createdToken);
    }

Considering that the contract asD created will be used to interact with users for minting, burning, etc, and the create function is external and could be called by anyone, this could lead to the ownership getting lost and later accrued interests being lost.

Proof of Concept

Considering the following situation: 1. Bob has created an asD contract to interact with, so far the nonce is X. At the same time, Alice has also tried to create an asD and the nonce should be X+1. 2. Bob verifies his address on the chain and has asked others (or even himself) to perform mint/burn with this contract so that some accrued interests could be earned. 3. The reorg happens, and Alice's transaction happens before Bob. In this situation, Alice gets nonce=X and has ownership of this address. So Alice could earn what is expected to be given to Bob (the interest that accrued).

Tools Used

Manual

Recommended Mitigation Steps

We recommend using create2 with salt(from msg.sender) to make the address unique for different creators.

Assessed type

Other