UpdateWeightRunner enforces access controls on pool management, but it cannot stop a pool admin from attaching an upgradeable hook contract that behaves normally at deployment and is later upgraded to extract value from users, for example through excessive swap fees or manipulated liquidity calculations.
Attack path:
1. The admin deploys a hook behind an upgradeable proxy whose initial implementation charges normal fees, and creates a pool with it through QuantAMMWeightedPoolFactory (the address is passed in NewPoolParams.poolHooksContract).
2. Users observe benign behaviour, deposit liquidity and trade against the pool.
3. The admin upgrades the proxy to a new implementation that, for example:
   - raises the swap fee (up to 50%, per this submission);
   - reduces the liquidity returned to users;
   - extracts value through manipulated calculations.
4. UpdateWeightRunner's access controls are not involved in the hook's implementation address, so they cannot prevent this.
Impact: users lose funds through excessive fees or manipulated pool accounting, and the protocol suffers reputational damage.
Tools used: manual review.
Recommendation: in QuantAMMWeightedPoolFactory, whitelist NewPoolParams.poolHooksContract so that only hook contracts reviewed by governance (and, ideally, not upgradeable) can be attached to a pool.
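One way to implement the recommended whitelist, written here as an added example and not QuantAMM's or Balancer's own code. The contract names, the shape of NewPoolParams, the ExamplePool stand-in and the create() function are assumptions; only the poolHooksContract field name comes from the finding. The allowlist is governance-managed and pins the code hash seen at approval time, and the factory refuses to create a pool whose hook is not on it.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

// Added illustration, not QuantAMM/Balancer code. `NewPoolParams`,
// `ExamplePool`, `HookAllowlist` and `ExampleWeightedPoolFactory` are
// hypothetical stand-ins; only the `poolHooksContract` field name comes
// from the finding.
struct NewPoolParams {
    string name;
    string symbol;
    address poolHooksContract; // hook attached to the pool (address(0) = none)
}

// Minimal stand-in for the pool the factory deploys.
contract ExamplePool {
    string public name;
    string public symbol;
    address public immutable hooksContract;

    constructor(string memory _name, string memory _symbol, address _hooks) {
        name = _name;
        symbol = _symbol;
        hooksContract = _hooks;
    }
}

// Governance-managed allowlist of hook contracts, pinned to the bytecode
// that was reviewed at approval time.
abstract contract HookAllowlist {
    address public immutable governance;
    mapping(address => bool) public allowedHook;
    mapping(address => bytes32) public approvedCodeHash;

    event HookAllowed(address indexed hook, bytes32 codeHash);
    event HookRevoked(address indexed hook);

    error NotGovernance();
    error HookHasNoCode(address hook);
    error HookNotAllowed(address hook);
    error HookCodeChanged(address hook);

    modifier onlyGovernance() {
        if (msg.sender != governance) revert NotGovernance();
        _;
    }

    constructor(address _governance) {
        governance = _governance;
    }

    // Approve a deployed hook. The address must already hold code so that an
    // empty address cannot be pre-approved and filled with arbitrary code
    // later (e.g. via CREATE2).
    function allowHook(address hook) external onlyGovernance {
        bytes32 codeHash = hook.codehash;
        if (codeHash == bytes32(0) || codeHash == keccak256("")) revert HookHasNoCode(hook);
        allowedHook[hook] = true;
        approvedCodeHash[hook] = codeHash;
        emit HookAllowed(hook, codeHash);
    }

    function revokeHook(address hook) external onlyGovernance {
        delete allowedHook[hook];
        delete approvedCodeHash[hook];
        emit HookRevoked(hook);
    }

    // Reverts unless `hook` is zero (no hook) or is an approved address whose
    // bytecode still matches what governance reviewed.
    function _requireAllowedHook(address hook) internal view {
        if (hook == address(0)) return;
        if (!allowedHook[hook]) revert HookNotAllowed(hook);
        if (hook.codehash != approvedCodeHash[hook]) revert HookCodeChanged(hook);
    }
}

contract ExampleWeightedPoolFactory is HookAllowlist {
    event PoolCreated(address indexed pool, address indexed hook);

    constructor(address _governance) HookAllowlist(_governance) {}

    // The check runs before any pool state exists, so a pool can never be
    // created with an unreviewed hook.
    function create(NewPoolParams calldata params) external returns (address pool) {
        _requireAllowedHook(params.poolHooksContract);
        pool = address(new ExamplePool(params.name, params.symbol, params.poolHooksContract));
        emit PoolCreated(pool, params.poolHooksContract);
    }
}
```

Two caveats a reviewer would want stated. First, pinning the code hash only catches bytecode being replaced at the same address; it does not catch a proxy upgrade, because an upgrade changes the implementation address held in the proxy's storage while the proxy's own bytecode, and so its codehash, stays the same. The allowlist therefore only closes this finding if governance approves a hook after verifying off-chain that it is not a proxy (for example, reading the EIP-1967 implementation slot with eth_getStorageAt and inspecting the bytecode for a delegatecall path). Second, the whitelist moves trust from the pool admin to whoever controls the allowlist; that role should be a separate, timelocked governance body, not the same admin who deploys the hooks.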
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.