Omniscia BlazeSwap Audit
SafeERC20Namer Manual Review Findings
SER-01M: Trivial Symbol Collision
| Type | Severity | Location |
|---|---|---|
| Logical Fault | | SafeERC20Namer.sol:L49-L53 |
Description:
The addressToSymbol function, used as a fallback by tokenSymbol, only extracts the first 6 hex characters of the token address, so a colliding symbol can be trivially crafted by deploying a token at an address that shares those 6 characters.
Impact:
Allowing fallback symbols to be arbitrarily definable makes spoofing and similar attacks easier to carry out.
Example:
contracts/shared/libraries/SafeERC20Namer.sol
```solidity
// uses a heuristic to produce a token symbol from the address
// the heuristic returns the first 6 hex of the address string in upper case
function addressToSymbol(address token) private pure returns (string memory) {
    return AddressStringUtil.toAsciiString(token, 6);
}
```
Recommendation:
We advise this trait of the system to be re-evaluated and an additional salting mechanism to be used instead, to ensure that collisions cannot occur as trivially.
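To make the size of the collision space concrete, and to sketch what the salted alternative asked for above could look like, here is an added Python model of the heuristic. It is not BlazeSwap's code: `address_to_symbol` re-implements the 6-character prefix rule described in the finding, the two token addresses are constructed samples chosen to share a prefix, and `salted_symbol` (using SHA-256 as a stand-in for keccak256) is one assumed design for the recommendation, not the project's implementation.

```python
import hashlib
import math

SYMBOL_CHARS = 6  # the audited heuristic keeps the first 6 hex characters


def _hex_body(token: str) -> str:
    """Strip an optional 0x prefix and validate a 20-byte hex address."""
    body = token[2:] if token.lower().startswith("0x") else token
    if len(body) != 40:
        raise ValueError("expected a 20-byte hex address")
    int(body, 16)  # raises if not hex
    return body


def address_to_symbol(token: str, length: int = SYMBOL_CHARS) -> str:
    """Python model of the page's heuristic: the first `length` hex
    characters of the address, upper-cased (what the finding says
    AddressStringUtil.toAsciiString(token, 6) returns)."""
    return _hex_body(token)[:length].upper()


def symbol_space(length: int = SYMBOL_CHARS) -> int:
    """Number of distinct symbols the heuristic can emit: 16 ** length.
    Every address whose first `length` nibbles match yields the same symbol,
    which is why a chosen prefix (e.g. via address grinding) collides."""
    return 16 ** length


def expected_trials_for_chosen_prefix(length: int = SYMBOL_CHARS) -> int:
    """Expected number of random candidate addresses needed to hit one
    specific target prefix: equal to the size of the symbol space."""
    return symbol_space(length)


def birthday_bound(length: int = SYMBOL_CHARS) -> float:
    """Approximate number of random addresses after which some pair among
    them shares a symbol (sqrt(pi/2 * N)); far smaller than the space."""
    return math.sqrt(math.pi / 2 * symbol_space(length))


def salted_symbol(token: str, salt: bytes, length: int = 12) -> str:
    """Assumed salted fallback (illustration of the recommendation, not the
    project's code): hash salt || address and keep `length` hex characters.
    SHA-256 stands in for keccak256; the property of interest is that the
    prefix is longer and depends on a deployer-held salt, so an attacker
    cannot pick the symbol simply by picking the address prefix."""
    raw = bytes.fromhex(_hex_body(token))
    return hashlib.sha256(salt + raw).hexdigest()[:length].upper()


# Constructed sample addresses (not real contracts) sharing the first 6 nibbles.
TOKEN_A = "0xabcdef0000000000000000000000000000000001"
TOKEN_B = "0xabcdef0000000000000000000000000000000002"


def demo() -> dict:
    """Collect the values a reviewer would want to see side by side."""
    salt = b"constructed-salt"
    return {
        "symbol_a": address_to_symbol(TOKEN_A),
        "symbol_b": address_to_symbol(TOKEN_B),
        "space": symbol_space(),
        "birthday": birthday_bound(),
        "salted_a": salted_symbol(TOKEN_A, salt),
        "salted_b": salted_symbol(TOKEN_B, salt),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The figures make the severity argument concrete: 16^6 is about 16.7 million candidate addresses to hit a chosen prefix, well within reach of CREATE2 salt grinding, whereas a longer salt-dependent prefix removes the attacker's direct control over the emitted symbol.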
Alleviation:
The BlazeSwap team stated that this contract is a stub and thus should not have been in scope of the audit. As a result, we consider this exhibit nullified.