The description of the problem seems to be missing the point: you don't need CREATE2 or run any seed search to create new Ethereum addresses for every attack. You can always create new addresses, that's a core feature of Ethereum. What CREATE2 allows you to do is to run contracts with specific addresses (up to some limit, as much as you're willing to invest in seed search). The ingenious thing about this is that Ethereum addresses are generally a bit too long for humans to visually check, which is why many wallet providers shorten them, showing eg only the first and last 5 digits. So what CREATE2 allows you to do is to match the first and last significant digits of a another contract, so to the user it looks like they're interacting with a contract they might already recognize, or sending funds to an address that looks like their own in the UI.
1 comment
[ 2.4 ms ] story [ 16.7 ms ] thread