Same Name Contract Issue #530
Comments
Hi, @Hellobloc! It seems that the main contract file is indicated as the only file opened in the editor by default. When the contract tab is opened there is only the "test.sol" file shown to the user. I agree that it may not be quite obvious though. We will discuss with our frontend team how we can make it more informative. Thank you for the report! I would just like to make sure that I got you right and that the main concern here is not some algorithmic issue but rather the data description inside the UI.
For Sourcify it was a completely different problem: it was a simple logical problem in the verification process for session api.
@rimrakhimov Thank you very much for your quick response and the attention you have given to these issues.
@Hellobloc I see. We'll discuss with our design team how we can indicate that more clearly to the users. Thank you.
@Hellobloc we've prepared a little demo of how we are going to mitigate this issue in the UI. We've added
Introduction
The current source code results for the compilation target are located by contract name, and the path information is missing. This means that we can construct two contracts with the same name in one source code. In the end, we cannot locate the only contract as our compilation target.
Impact
Attackers can use the eponymous contract issue to confuse users and hide backdoors in the code.
Attack Case
https://optimism-goerli.blockscout.com/address/0x3C10387CF5cC4B655d12898C3628AF38C5E792c2?tab=contract
https://goerli-optimism.etherscan.io/address/0x3C10387CF5cC4B655d12898C3628AF38C5E792c2#code
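The ambiguity described in this report, as an added example that is not Blockscout's code or part of the original issue: a check over compiler output that lists contract names defined in more than one source file and resolves the compilation target by path plus name instead of name alone. The sample output is constructed in the shape of solc standard-JSON output; the file `lib/helper.sol`, the bytecode values and the helper function names are assumptions.

```python
# Constructed sample shaped like solc standard-JSON output:
# output["contracts"][source_path][contract_name] -> artifacts.
# Paths, names and bytecode values are made up for illustration.
SAMPLE_OUTPUT = {
    "contracts": {
        "test.sol": {"Test": {"bytecode": "0x6001"}},
        "lib/helper.sol": {
            "Test": {"bytecode": "0x6002"},
            "Helper": {"bytecode": "0x6003"},
        },
    }
}


def index_by_name(output):
    """Map each contract name to every source path that defines it."""
    index = {}
    for path, contracts in output.get("contracts", {}).items():
        for name in contracts:
            index.setdefault(name, []).append(path)
    return index


def ambiguous_names(output):
    """Contract names defined in more than one source file."""
    return {n: sorted(p) for n, p in index_by_name(output).items() if len(p) > 1}


def resolve_target(output, name, path=None):
    """Return (path, name, artifact) for the compilation target.

    With a path, the lookup is exact. Without one, the lookup succeeds only
    when the name is unique; otherwise it raises instead of picking one.
    """
    contracts = output.get("contracts", {})
    if path is not None:
        try:
            return path, name, contracts[path][name]
        except KeyError:
            raise LookupError(f"{path}:{name} not in compiler output") from None
    paths = index_by_name(output).get(name, [])
    if len(paths) != 1:
        raise LookupError(f"{name!r} matches {len(paths)} sources: {sorted(paths)}")
    return paths[0], name, contracts[paths[0]][name]


if __name__ == "__main__":
    print(ambiguous_names(SAMPLE_OUTPUT))
    print(resolve_target(SAMPLE_OUTPUT, "Test", path="test.sol")[:2])
```

A verifier or explorer UI can run `ambiguous_names` on every submission and display the resolved path next to the contract name whenever the result is non-empty.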