RebateFi Hook

First Flight #53
Beginner Friendly, DeFi
100 EXP
Submission Details
Severity: high
Valid

Incorrect check in `RebateFiHook.sol`

Root + Impact

Description

  • In the codebase we can see that, in the `_beforeInitialize` function, the ReFi currency is checked against the pool pair, which is supposed to be currency1 and currency2.

  • The problem is that the ReFi currency is checked against currency1 twice, which is wrong and makes the check only half effective.

    function _beforeInitialize(address, PoolKey calldata key, uint160) internal view override returns (bytes4) {
        if (Currency.unwrap(key.currency1) != ReFi &&
            Currency.unwrap(key.currency1) != ReFi) { //@audit incorrect check
            revert ReFiNotInPool();
        }
        return BaseHook.beforeInitialize.selector;
    }

Risk

Likelihood:

  • This vulnerability can occur any time ReFi is currency 0

Impact:

  • The check is not fully effective

Proof of Concept

See that on lines 3 and 4 ReFi is being checked against currency1 twice:

    function _beforeInitialize(address, PoolKey calldata key, uint160) internal view override returns (bytes4) {
        if (Currency.unwrap(key.currency1) != ReFi &&
            Currency.unwrap(key.currency1) != ReFi) { //@audit incorrect check
            revert ReFiNotInPool();
        }
        return BaseHook.beforeInitialize.selector;
    }
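
The following Foundry test is an added example, not part of the original submission or the RebateFi code base. It models the reported condition and the recommended one on plain addresses to show the one case where they differ. `CheckHarness`, its function names and the sample addresses are assumptions; the real hook and PoolManager are not deployed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical harness: models only the condition from _beforeInitialize
// on plain addresses; it does not deploy the real hook or a PoolManager.
contract CheckHarness {
    error ReFiNotInPool();
    address public immutable ReFi;
    constructor(address reFi) { ReFi = reFi; }

    // Condition as written in the reported code: currency1 compared twice.
    function reported(address, address currency1) external view {
        if (currency1 != ReFi && currency1 != ReFi) revert ReFiNotInPool();
    }

    // Condition after the recommended mitigation.
    function mitigated(address currency0, address currency1) external view {
        if (currency0 != ReFi && currency1 != ReFi) revert ReFiNotInPool();
    }
}

contract CheckHarnessTest is Test {
    // Constructed sample addresses (not real tokens).
    address constant REFI = address(0x1000);
    address constant OTHER = address(0x2000);
    CheckHarness h;

    function setUp() public { h = new CheckHarness(REFI); }

    function test_reFiAsCurrency0() public {
        // Valid ReFi pool: rejected by the reported check, accepted after the fix.
        vm.expectRevert(CheckHarness.ReFiNotInPool.selector);
        h.reported(REFI, OTHER);
        h.mitigated(REFI, OTHER);
    }

    function test_reFiAsCurrency1() public view {
        // ReFi in the currency1 slot: both conditions accept the pool.
        h.reported(address(0x0500), REFI);
        h.mitigated(address(0x0500), REFI);
    }

    function test_poolWithoutReFi() public {
        // Neither currency is ReFi: both conditions revert.
        vm.expectRevert(CheckHarness.ReFiNotInPool.selector);
        h.reported(OTHER, address(0x3000));
        vm.expectRevert(CheckHarness.ReFiNotInPool.selector);
        h.mitigated(OTHER, address(0x3000));
    }
}
```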

Recommended Mitigation

Make sure to check against all pool currencies instead of checking one currency twice:

function _beforeInitialize(address, PoolKey calldata key, uint160) internal view override returns (bytes4) {
+ if (Currency.unwrap(key.currency0) != ReFi &&
- if (Currency.unwrap(key.currency1) != ReFi &&
Currency.unwrap(key.currency1) != ReFi) { //@audit incorrect check
revert ReFiNotInPool();
}
return BaseHook.beforeInitialize.selector;
}
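
Review bot: the unchanged second line of the condition still carries the trailing `//@audit incorrect check` comment, so the patched function would keep an audit marker on a check that is now correct; drop that comment as part of the fix. The `+` line is also listed before the `-` line it replaces, which is the reverse of the usual order and makes the hunk harder to read. A test that initializes a pool with ReFi as `currency0` would confirm the corrected condition.
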
Updates

Lead Judging Commences

chaossr Lead Judge 11 days ago
Submission Judgement Published
Validated
Assigned finding tags:

Faulty pool check; only checks currency1 twice, omitting currency0.
