Mistakes made on one chain can be re-applied to a new chain
There is no chain.id in the create2() function data
If a user does create2() using the wrong network, an attacker can replay the action on the correct chain, and steal the funds a-la the wintermute gnosis safe attack, where the attacker can create the same address that the user tried to, and steal the funds from there
<https://mirror.xyz/0xbuidlerdao.eth/lOE5VN-BHI0olGOXe27F0auviIuoSlnou_9t3XRJseY>
ethereum/contracts/common/L2ContractHelper.sol:
18
19: function create2(
20: bytes32 _salt,
21: bytes32 _bytecodeHash,
22: bytes calldata _input
23: ) external;
24 }
zksync/contracts/L2ContractHelper.sol:
9 interface IContractDeployer {
10: function create2(
11: bytes32 _salt,
12: bytes32 _bytecodeHash,
13: bytes calldata _input
14: ) external;
15 }
Manual Code Review
Include the chain.id in create2() function
The text was updated successfully, but these errors were encountered:
All reactions