RebateFi Hook

First Flight #53
Beginner Friendly, DeFi
100 EXP
Submission Details
Impact: medium
Likelihood: low
Invalid

Missing Zero-Address Validation in Constructor

Root + Impact

Description

  • The ReFiSwapRebateHook constructor accepts a _ReFi address parameter that is stored and used throughout the contract's lifecycle to identify the ReFi token in swap operations. This address is critical for the hook's core functionality, as it determines which token direction receives fee rebates.

  • The constructor lacks zero-address validation for the _ReFi parameter. If the contract is deployed with address(0) as the ReFi token, all swap operations will fail because the hook cannot properly identify the ReFi token direction, rendering the entire hook unusable and requiring a complete redeployment.

constructor(IPoolManager _poolManager, address _ReFi) BaseHook(_poolManager) Ownable(msg.sender) {
@>  ReFi = _ReFi;
}

Risk

Likelihood:

  • Deployment scripts or frontend interfaces may pass address(0) due to configuration errors, uninitialized variables, or incorrect parameter ordering.

Impact:

  • All swap operations through the pool will revert when the hook attempts to identify swap direction

  • Wasted gas costs from the initial deployment and address mining process

  • Potential loss of funds if liquidity is added to the pool before the issue is discovered

  • Time delays and operational disruption while redeploying and remining a valid hook address

Proof of Concept

Add this test to RebateFiHookTest.t.sol:

function test_ZeroAddressReFiToken_CausesSwapFailure() public {
    // Deploy hook with zero address for ReFi token
    bytes memory creationCode = type(ReFiSwapRebateHook).creationCode;
    bytes memory constructorArgs = abi.encode(manager, address(0)); // Zero address
    uint160 flags = uint160(Hooks.BEFORE_INITIALIZE_FLAG | Hooks.AFTER_INITIALIZE_FLAG | Hooks.BEFORE_SWAP_FLAG);
    (address hookAddress, bytes32 salt) = HookMiner.find(address(this), flags, creationCode, constructorArgs);

    // Deploy with zero address -> should be prevented but isn't
    ReFiSwapRebateHook brokenHook = new ReFiSwapRebateHook{salt: salt}(manager, address(0));

    // Verify deployment succeeded with invalid state
    assertEq(brokenHook.ReFi(), address(0), "ReFi address is zero");

    // Attempting to use this hook will cause issues in swap operations
    // The hook won't be able to properly identify token directions
}

Recommended Mitigation

constructor(IPoolManager _poolManager, address _ReFi) BaseHook(_poolManager) Ownable(msg.sender) {
+ require(_ReFi != address(0), "ReFi token cannot be zero address");
ReFi = _ReFi;
}
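
Review bot: the added `require(_ReFi != address(0), ...)` line ships without a regression test, and the proof-of-concept test above asserts `assertEq(brokenHook.ReFi(), address(0), ...)`, which can no longer pass once the constructor reverts. Replace that assertion with one that expects the deployment to revert with "ReFi token cannot be zero address" (for example with Foundry's `vm.expectRevert`). Note also that the check only rejects address(0); any other wrong `_ReFi` value, such as one produced by swapped constructor arguments in a deployment script, still passes, so the deployment script should verify the address it passes as well.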

Updates

Lead Judging Commences

chaossr Lead Judge 12 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
