Submission Details
Severity:
[H-1] - Hook deployment may revert because of improper validation
_beforeInitialize improper validation will cause impossibility to initialize
Description
When the RebatiFiHook is initialized, it does not check if ReFi token is not present in
key.currency0. This will cause the hook to not deploy everytime when ReFi token is not inkey.currency1
function _beforeInitialize(address, PoolKey calldata key, uint160) internal view override returns (bytes4) {
@>> if (Currency.unwrap(key.currency1) != ReFi &&
@>> Currency.unwrap(key.currency1) != ReFi) {
revert ReFiNotInPool();
}
return BaseHook.beforeInitialize.selector;
}
Risk
Likelihood: HIGH
Hook won't be initialized everytime ReFi token is not in
PoolKey.currency1.
Impact: HIGH
Improper validation logic will cause hook to not be deployed, setting users unable to trade through the hook.
Proof of Concept
Recommended Mitigation
Here is the recommended mitigation:
function _beforeInitialize(address, PoolKey calldata key, uint160) internal view override returns (bytes4) {
if (Currency.unwrap(key.currency1) != ReFi &&
- Currency.unwrap(key.currency1) != ReFi) {
+ Currency.unwrap(key.currency0) != ReFi) {
revert ReFiNotInPool();
}
return BaseHook.beforeInitialize.selector;
}
Updates
Lead Judging Commences
chaossr 12 days ago
Submission Judgement Published Assigned finding tags:
Faulty pool check; only checks currency1 twice, omitting currency0.
Rewards breakdown
nSLOC
150This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.