Vanguard

First Flight #56

Beginner FriendlyDeFiFoundry

0 EXP

View all submissions

Previous Next

Submission Details

Impact: medium

Likelihood: high

`DeployHookScript` sets incorrect hook flags, resulting in deployment revert due to mismatched implemented functions.

Author Revealed upon completion

Root + Impact

In `DeployHookScript.sol`, the `flags` parameter is set to use `Hooks.BEFORE_SWAP_FLAG` and `Hooks.BEFORE_INITIALIZE_FLAG`.
However, TokenLaunchHook is meant to implement a before-swap & and an after-initialize
This will lead to a `HookAddressNotValid` revert on hook deployment, as the implemented functions do not match the flags specified.

Description

The flags parameter used in hook deployment should be set with the hook functions the specific hook implements, specifically _afterInitialize and beforeSwap
The script however sets the flags to use beforeSwap and beforeInitialize, resulting in a revert on deployment as the flags do not match the hook implementation

function run() public {

@> uint160 flags = uint160(Hooks.BEFORE_SWAP_FLAG | Hooks.BEFORE_INITIALIZE_FLAG); // uses BEFORE_INITIALIZE_FLAG instead of AFTER_INITIALIZE_FLAG

// ...

}

```

Risk

Likelihood: High

This will cause a revert during hook initialization, preventing deployment and usage of the hook.

Impact: Medium

The hook cannot be deployed using the provided script until the flags are corrected

Proof of Concept

The below test deploys with the same logic as the script... resulting in a revert
Running forge script script/Vanguard/deployLaunchHook.s.sol on a local Anvil instance reproduces the revert

function test_DeployScriptRevertonDeploy() public {

//ARRANGE: Same logic as deployment script

uint256 PHASE1_DURATION = 100;

uint256 PHASE2_DURATION = 200;

uint256 PHASE1_LIMIT_BPS = 100;

uint256 PHASE2_LIMIT_BPS = 300;

uint256 PHASE1_COOLDOWN = 5;

uint256 PHASE2_COOLDOWN = 3;

uint256 PHASE1_PENALTY_BPS = 500;

uint256 PHASE2_PENALTY_BPS = 200;

uint160 flags = uint160(Hooks.BEFORE_SWAP_FLAG | Hooks.BEFORE_INITIALIZE_FLAG); // Using same improper flags

bytes memory constructorArgs = abi.encode(

manager,

PHASE1_DURATION,

PHASE2_DURATION,

PHASE1_LIMIT_BPS,

PHASE2_LIMIT_BPS,

PHASE1_COOLDOWN,

PHASE2_COOLDOWN,

PHASE1_PENALTY_BPS,

PHASE2_PENALTY_BPS

);

(address hookAddress, bytes32 salt) =

HookMiner.find(address(this), flags, type(TokenLaunchHook).creationCode, constructorArgs);

// ACT & ASSERT: Expect revert on hook deployment due to improper flags

vm.expectRevert();

TokenLaunchHook hook = new TokenLaunchHook{salt: salt}(

manager,

PHASE1_DURATION,

PHASE2_DURATION,

PHASE1_LIMIT_BPS,

PHASE2_LIMIT_BPS,

PHASE1_COOLDOWN,

PHASE2_COOLDOWN,

PHASE1_PENALTY_BPS,

PHASE2_PENALTY_BPS

);

}

Recommended Mitigation

Correct the `flags` variable in `DeployHookScript.sol` to use `Hooks.AFTER_INITIALIZE_FLAG` instead of `Hooks.BEFORE_INITIALIZE_FLAG`.

function run() public {

- uint160 flags = uint160(Hooks.BEFORE_SWAP_FLAG | Hooks.BEFORE_INITIALIZE_FLAG);

+ uint160 flags = uint160(Hooks.AFTER_INITIALIZE_FLAG | Hooks.BEFORE_SWAP_FLAG);

// ... rest of script

}

Rewards breakdown

nSLOC

273

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!