RebateFi Hook
First Flight #53
Beginner FriendlyDeFi
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Incorrect Token Validation in _beforeInitialize Causes False Reverts and Blocks Pool Initialization

eagerpanda582

Root + Impact

Description

  • Inside _beforeInitialize, the contract intends to enforce that at least one side of the pool (currency0 or currency1) must equal the ReFi token.

    However, the implemented code contains a critical mistake:

    if (Currency.unwrap(key.currency1) != ReFi &&
    Currency.unwrap(key.currency1) != ReFi) {
    revert ReFiNotInPool();
    }

    Notice that currency1 is checked twice, and currency0 is never checked.

Risk

Likelihood:

  • Uniswap V4 pool ordering depends on token address ordering rules. In many cases, ReFi will appear in currency0, not currency1, making this bug occur frequently and unpredictably. Any pool where ReFi is currency0 will always revert.

Impact:

  • The hook incorrectly checks currency1 twice and never checks currency0, causing the contract to incorrectly revert for valid pools where the ReFi token is placed in currency0.

Proof of Concept

None required

Recommended Mitigation

Correct logic should be:

if (Currency.unwrap(key.currency0) != ReFi &&
Currency.unwrap(key.currency1) != ReFi) {
revert ReFiNotInPool();
}
Updates

Lead Judging Commences

chaossr Lead Judge 12 days ago
Submission Judgement Published
Validated
Assigned finding tags:

Inverted buy/sell logic when ReFi is currency0, leading to incorrect fee application.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!