RebateFi Hook

First Flight #53
Beginner Friendly · DeFi
100 EXP
Submission Details
Impact: high
Likelihood: high
Invalid

Incorrect permissions in the `getHookPermissions()` function

Root + Impact

The `getHookPermissions()` function does not grant the permissions needed to apply dynamic fees, which makes the RebateFiHook protocol useless.

Description

On Uniswap v4, hooks are optional and can be customized by developers to fit their own goals. In this case, the protocol's purpose is to encourage people to buy the ReFi token by setting the fee to 0, and to discourage people from selling (dumping) and generate protocol revenue by adding a fee on sales.

On Uniswap v4, each hook declares the callbacks it is allowed to use through its `getHookPermissions()` function. These permissions are encoded in the 160-bit address of the contract, so if the permission for a critical callback is missing, it cannot be changed without deploying another contract.

The problem with `getHookPermissions()` is that `beforeSwapReturnDelta` and `afterSwapReturnDelta` are both `false`, so the hook can never use them, and these are the callbacks (at least one of them, depending on the design) that allow the hook to apply a fee to either the pricing or the swap result:

```solidity
function getHookPermissions() public pure override returns (Hooks.Permissions memory) {
    return Hooks.Permissions({
        beforeInitialize: true,
        afterInitialize: true,
        beforeAddLiquidity: false,
        afterAddLiquidity: false,
        beforeRemoveLiquidity: false,
        afterRemoveLiquidity: false,
        beforeSwap: true,
        afterSwap: false,
        beforeDonate: false,
        afterDonate: false,
        beforeSwapReturnDelta: false, // @> FALSE HERE
        afterSwapReturnDelta: false,  // @> FALSE HERE
        afterAddLiquidityReturnDelta: false,
        afterRemoveLiquidityReturnDelta: false
    });
}
```

Risk

Likelihood:

  • Without a modification of the contract, this is always the case.

Impact:

  • The entire protocol is broken.

Proof of Concept

- The admin tries to apply his fee logic
- He calls the function that modifies the fee
- The contract cannot reach that callback
- The protocol is broken

Recommended Mitigation

Enable these permissions in `getHookPermissions()`, then add the corresponding logic to the contract.

```diff
- beforeSwapReturnDelta: false,
+ beforeSwapReturnDelta: true,
```

or, depending on the design:

```diff
- afterSwapReturnDelta: false,
+ afterSwapReturnDelta: true,
```

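The description above states that the permissions are encoded in the hook's 160-bit address, and the mitigation above flips one of those permissions. The following Python is an added example, not code from the RebateFi submission or from the Uniswap repositories: it mirrors the flag layout and the address check of v4-core's `Hooks.sol` (14 flag bits, `beforeInitialize` at bit 13 down to `afterRemoveLiquidityReturnDelta` at bit 0) so you can see why the permission change in the mitigation cannot be applied to the existing deployment. The flag layout is taken from v4-core as I know it; the hook address and the permission sets are constructed for the example.

```python
# Added example (not part of the RebateFi submission): how Uniswap v4 derives a
# hook's permissions from the low 14 bits of its address, mirroring the flag
# layout and validateHookPermissions() check in v4-core's Hooks.sol.

# Bit positions as laid out in v4-core Hooks.sol (assumed to match the pinned
# version used by the project): bit 13 is beforeInitialize, bit 0 is
# afterRemoveLiquidityReturnDelta.
FLAG_BITS = {
    "beforeInitialize": 13,
    "afterInitialize": 12,
    "beforeAddLiquidity": 11,
    "afterAddLiquidity": 10,
    "beforeRemoveLiquidity": 9,
    "afterRemoveLiquidity": 8,
    "beforeSwap": 7,
    "afterSwap": 6,
    "beforeDonate": 5,
    "afterDonate": 4,
    "beforeSwapReturnDelta": 3,
    "afterSwapReturnDelta": 2,
    "afterAddLiquidityReturnDelta": 1,
    "afterRemoveLiquidityReturnDelta": 0,
}
# ALL_HOOK_MASK covers the 14 flag bits at the bottom of the address.
ALL_HOOK_MASK = (1 << 14) - 1


def permissions_to_flags(perms: dict) -> int:
    """Fold a Hooks.Permissions-style mapping into the 14-bit flag word."""
    flags = 0
    for name, bit in FLAG_BITS.items():
        if perms.get(name, False):
            flags |= 1 << bit
    return flags


def address_to_permissions(hook_address: int) -> dict:
    """Read the permissions the PoolManager infers from an address alone."""
    low = hook_address & ALL_HOOK_MASK
    return {name: bool((low >> bit) & 1) for name, bit in FLAG_BITS.items()}


def validate_hook_address(hook_address: int, perms: dict) -> bool:
    """Equivalent of Hooks.validateHookPermissions(): the permissions the
    contract declares must equal the address bits exactly; a mismatch reverts
    (HookAddressNotValid), which is why a changed permission set needs a new
    address, i.e. a new deployment."""
    return (hook_address & ALL_HOOK_MASK) == permissions_to_flags(perms)


# Constructed sample: the permission set shown in the submission above.
REBATEFI_PERMS = {
    "beforeInitialize": True,
    "afterInitialize": True,
    "beforeSwap": True,
}

# Constructed hook address: arbitrary upper bits, low 14 bits mined to match
# the declared permissions (0x3080 = bits 13, 12 and 7).
SAMPLE_HOOK_ADDRESS = (0xABCDEF << 14) | permissions_to_flags(REBATEFI_PERMS)


def mitigated_perms() -> dict:
    """The change proposed in the mitigation: also enable beforeSwapReturnDelta."""
    return {**REBATEFI_PERMS, "beforeSwapReturnDelta": True}


if __name__ == "__main__":
    print(f"declared flags:  {permissions_to_flags(REBATEFI_PERMS):#06x}")
    print(f"mitigated flags: {permissions_to_flags(mitigated_perms()):#06x}")
    print("current address valid for current perms:",
          validate_hook_address(SAMPLE_HOOK_ADDRESS, REBATEFI_PERMS))
    print("current address valid for mitigated perms:",
          validate_hook_address(SAMPLE_HOOK_ADDRESS, mitigated_perms()))
```

Running it shows the current address passes validation with the declared permissions but fails once `beforeSwapReturnDelta` is turned on, because that sets bit 3 of the required flag word and the deployed address does not carry it; the fix therefore has to ship as a newly mined address and a fresh deployment, as the description says.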
Updates

Lead Judging Commences

chaossr Lead Judge 8 days ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
