Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

codehash check in factory contracts does not account for non-empty addresses - 1305

MiloTruck - Wildcat C4 - Posted 2 Years Ago
  • In the Wildcat protocol, the WildcatMarketControllerFactory is used for deploying contracts. The function decides whether an address has already been deployed to by checking whether its codehash is bytes32(0). At first glance this seems reasonable, but it has a subtle flaw.
  • An address only returns 0x0 as its codehash if it is empty. What does empty mean here? 0x0 is only returned when the account is COMPLETELY empty, i.e. it does not exist in state at all. If the account exists but has no code (for example because funds have been sent there), then the hash of empty code (keccak256 of empty bytes) is returned instead, which is not 0x0.
  • If anyone transfers 1 wei to that address, then the protocol is harmed. The deployments of many things will simply NOT work. MiloTruck seemed very proud of this finding, and I agree, it's pretty sick! I didn't know the difference between an empty account and a non-existent account for a codehash.
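The two codehash states side by side, as an added example that is not Wildcat's code. The contract name, function names and the idea of treating "exists but holds no code" as free-to-deploy are my assumptions for illustration; the constant is the EVM's well-defined hash of empty code.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical demo contract (not the Wildcat factory) showing why a
/// `codehash != 0` test misclassifies funded-but-codeless addresses.
contract CodehashCheckDemo {
    // Codehash the EVM returns for an account that exists in state
    // (has a balance or nonce) but has no code: keccak256 of empty bytes.
    bytes32 internal constant EMPTY_CODE_HASH = keccak256("");

    /// Weak check: any non-zero codehash is treated as "already deployed".
    /// An address that merely received 1 wei exists without code, so its
    /// codehash is EMPTY_CODE_HASH, not 0x0, and this wrongly returns true.
    function isDeployedWeak(address target) public view returns (bool) {
        return target.codehash != bytes32(0);
    }

    /// Hardened check: an address counts as deployed only if it actually
    /// holds code. Both the non-existent state (0x0) and the existing but
    /// codeless state (EMPTY_CODE_HASH) are treated as free.
    function isDeployedHardened(address target) public view returns (bool) {
        bytes32 h = target.codehash;
        return h != bytes32(0) && h != EMPTY_CODE_HASH;
    }

    /// Equivalent hardened check using code size, which is zero in both
    /// non-deployed states; simpler and harder to get wrong.
    function isDeployedBySize(address target) public view returns (bool) {
        return target.code.length > 0;
    }
}
```

Deploy the demo on a local node, send 1 wei to a fresh address, and compare: `isDeployedWeak` flips to true for that address while `isDeployedHardened` and `isDeployedBySize` stay false. For a factory, the code-size form is the easier one to review, since it does not depend on remembering the two distinct "empty" hashes.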