
Address chainsecurity #1 comment #114

Merged
merged 4 commits into from
Dec 6, 2023


@cwang25 cwang25 commented Dec 6, 2023

Reference:

1. Function saveCode has an else branch that should not be executed as stated in the inline note. However, an attacker can trigger the conditions that saveCode() always enters the else branch for any code. This can be achieved by sending some Ether (e.g., 1 wei) to the precomputed address of the script, which changes the codehash of the address from 0 to the one corresponding to an EOA. Once this happens, there is no way for the system to deploy the same code anymore. Hence, one could use this attack vector to prevent deploying any new scripts (e.g., frontrunning, or precomputing addresses if the script code is public before deployment), or triggering selfdestruct for scripts that do delegatecalls.

Fixes:

  • Remove CodeHashMismatch
  • CodeJar will now always deploy/override if the codehash mismatches on the destination address
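
The failure mode in the audit note and the fix listed above, as a simplified Solidity sketch added here; it is not this PR's diff or the project's CodeJar source. Only `saveCode` and `CodeHashMismatch` come from the page; the contract name, helper names, `DeployFailed`, the zero salt and the init-code prefix are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added sketch, not the project's CodeJar source. `saveCode` and `CodeHashMismatch`
// are named on this page; every other identifier here is hypothetical.
contract CodeJarSketch {
    error CodeHashMismatch();
    error DeployFailed();

    // Before: "nothing deployed yet" is detected as codehash == 0. Once 1 wei sits on
    // the precomputed address, the account exists without code, its codehash becomes
    // keccak256(""), and every call for that code ends in the final else branch.
    function saveCodeBefore(bytes memory code) external returns (address) {
        address target = codeAddress(code);
        bytes32 h = target.codehash;
        if (h == bytes32(0)) return deploy(code);
        else if (h == keccak256(code)) return target;
        else revert CodeHashMismatch();
    }

    // After: anything other than an exact match leads to a deployment attempt.
    // CREATE2 only collides on a nonzero nonce or existing code, so a balance
    // on the target address does not block it.
    function saveCodeAfter(bytes memory code) external returns (address) {
        address target = codeAddress(code);
        if (target.codehash == keccak256(code)) return target;
        return deploy(code);
    }

    // Assumed init code: a 14-byte constructor that returns `code` as the runtime code.
    function initCodeFor(bytes memory code) internal pure returns (bytes memory) {
        return abi.encodePacked(hex"63", uint32(code.length), hex"80600e6000396000f3", code);
    }

    function codeAddress(bytes memory code) public view returns (address) {
        bytes32 digest = keccak256(
            abi.encodePacked(bytes1(0xff), address(this), uint256(0), keccak256(initCodeFor(code)))
        );
        return address(uint160(uint256(digest)));
    }

    function deploy(bytes memory code) internal returns (address script) {
        bytes memory initCode = initCodeFor(code);
        assembly {
            script := create2(0, add(initCode, 32), mload(initCode), 0)
        }
        if (script == address(0) || script.codehash != keccak256(code)) revert DeployFailed();
    }
}
```

A regression test for this class of bug funds `codeAddress(code)` with 1 wei before the first save and checks that the save still returns an address whose codehash equals `keccak256(code)`.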


@kevincheng96 kevincheng96 left a comment


LGTM!

@cwang25 cwang25 merged commit 321aac8 into main Dec 6, 2023
4 checks passed
@cwang25 cwang25 deleted the hans/cs-audit-1 branch December 6, 2023 21:55