Improper validation of return value when creating a new tranch token #29
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
low quality report
This report is of especially low quality
primary issue
Highest quality submission among a set of duplicates
unsatisfactory
does not satisfy C4 submission criteria; not eligible for awards
Comments
c4-submissions
added
2 (Med Risk)
|
Sanity check. QA at best. |
|
raymondfam marked the issue as low quality report |
c4-pre-sort
added
the
low quality report
|
raymondfam marked the issue as primary issue |
c4-pre-sort
added
the
primary issue
This was referenced Sep 14, 2023
Closed
Closed
Closed
|
gzeon-c4 marked the issue as unsatisfactory: |
c4-judge
added
the
unsatisfactory
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines of code
https://github.com/code-423n4/2023-09-centrifuge/blob/512e7a71ebd9ae76384f837204216f26380c9f91/src/util/Factory.sol#L96
Vulnerability details
Impact
The Factory contract uses the newTrancheToken() function to deploy a tranche token using create2 instruction. However, the Factory does not validate the address returned by create2, which will be the zero address if the deployment operation fails. This lack of validation may lead to problems
Proof of Concept
Tools Used
vscode
Recommended Mitigation Steps
TrancheToken token = new TrancheToken{salt: salt}(decimals);
if(token == address(0)) revert TokenDeploymentFailed(token);
Assessed type
Invalid Validation
The text was updated successfully, but these errors were encountered: