Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

create2 #18

Open
moodysalem opened this issue Oct 2, 2020 · 8 comments
Open

create2 #18

moodysalem opened this issue Oct 2, 2020 · 8 comments

Comments

@moodysalem
Copy link

please support create2!
@BlinkyStitt
Copy link

If the factory contract used CREATE2, I think someone could front run a transaction's salt and steal the address. So you'd have to wait for a few confirmations before sending any funds.

@moodysalem
Copy link
Author

moodysalem commented Oct 8, 2020
edited
Loading

If the factory contract used CREATE2, I think someone could front run a transaction's salt and steal the address. So you'd have to wait for a few confirmations before sending any funds.

Not true, CREATE2 uses the deployer address in computing the resulting contract address

edit: not sure exactly what situation you are describing

@BlinkyStitt
Copy link

BlinkyStitt commented Oct 9, 2020 via email

@moodysalem
Copy link
Author

Oh, I am using a version of the minimal proxy in a library and calling it from a contract.

@BlinkyStitt BlinkyStitt mentioned this issue Oct 14, 2020
Open
@ItsNickBarry
Copy link

ItsNickBarry commented Nov 22, 2020
edited
Loading

@moodysalem I've published a create2 implementation here: https://github.com/solidstate-network/solidstate-contracts/blob/master/contracts/architecture/factory/MinimalProxyFactory.sol

Note that it's in a pre-release state, and not to be completely trusted. It is also likely to not be as minimal as possible. I still need to test the gas consumption.

@yarrumretep
Copy link
Collaborator

yarrumretep commented Nov 23, 2020 via email

@PaulRBerg
Copy link

PaulRBerg commented Aug 30, 2021
edited
Loading

If the factory contract used CREATE2, I think someone could front run a transaction's salt and steal the address.

I think that this issue could be circumvented by hashing the tx.origin with the user-provided salt, and passing the resultant hash as the salt to create2.

Note that it should be tx.origin rather than msg.sender because the issue would not otherwise be mitigated for factory contracts.

@PaulRBerg
Copy link

Looks like OpenZeppelin added support for CREAT2-enabled minimal proxies in their Clones.sol contract:

https://github.com/OpenZeppelin/openzeppelin-contracts/blob/aefcb3e8aa4ee8da8e2b7022ffe4dcb57fbb0fdf/contracts/proxy/Clones.sol#L42-L51

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@BlinkyStitt @yarrumretep @ItsNickBarry @moodysalem @PaulRBerg