-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improper validation of return value when creating a new tranch token #29
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
low quality report
This report is of especially low quality
primary issue
Highest quality submission among a set of duplicates
unsatisfactory
does not satisfy C4 submission criteria; not eligible for awards
Comments
c4-submissions
added
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
labels
Sep 10, 2023
Sanity check. QA at best. |
raymondfam marked the issue as low quality report |
c4-pre-sort
added
the
low quality report
This report is of especially low quality
label
Sep 14, 2023
raymondfam marked the issue as primary issue |
c4-pre-sort
added
the
primary issue
Highest quality submission among a set of duplicates
label
Sep 14, 2023
This was referenced Sep 14, 2023
Closed
Closed
Closed
gzeon-c4 marked the issue as unsatisfactory: |
c4-judge
added
the
unsatisfactory
does not satisfy C4 submission criteria; not eligible for awards
label
Sep 25, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
low quality report
This report is of especially low quality
primary issue
Highest quality submission among a set of duplicates
unsatisfactory
does not satisfy C4 submission criteria; not eligible for awards
Lines of code
https://github.com/code-423n4/2023-09-centrifuge/blob/512e7a71ebd9ae76384f837204216f26380c9f91/src/util/Factory.sol#L96
Vulnerability details
Impact
The Factory contract uses the newTrancheToken() function to deploy a tranche token using create2 instruction. However, the Factory does not validate the address returned by create2, which will be the zero address if the deployment operation fails. This lack of validation may lead to problems
Proof of Concept
Tools Used
vscode
Recommended Mitigation Steps
TrancheToken token = new TrancheToken{salt: salt}(decimals);
if(token == address(0)) revert TokenDeploymentFailed(token);
Assessed type
Invalid Validation
The text was updated successfully, but these errors were encountered: