Vanguard

First Flight #56

Beginner FriendlyDeFiFoundry

0 EXP

View all submissions

Previous Next

Submission Details

Impact: high

Likelihood: medium

_resetPerAddressTracking() Only Clears Mappings for the Zero Address, Not User Addresses

Author Revealed upon completion

Root + Impact

The `_resetPerAddressTracking()` function in `TokenLaunchHook` is intended to clear the `addressSwappedAmount` and `addressLastSwapBlock` mappings for a given user's address when transitioning between launch phases.
However, the current implementation only deletes entries for address(0), leaving all actual user address data untouched.

Description

The `_resetPerAddressTracking()` function in `TokenLaunchHook` is intended to clear the `addressSwappedAmount` and `addressLastSwapBlock` mappings for a user when transitioning between launch phases.
However, the current implementation does not accept any input paramaters and only deletes the entries for`address(0)`, which does not correspond to any actual user address.
As a result, no user-specific tracking data is reset when the launch phase changes, potentially leading to incorrect enforcement of swap limits and cooldowns across phases.

function _resetPerAddressTracking() internal {

@> addressSwappedAmount[address(0)] = 0;

@> addressLastSwapBlock[address(0)] = 0;

}

Risk

Likelihood: High

This occurs whenever the launch phase changes and a user with existing entries makes a swap

Impact: Medium

Users may be unfairly penalized due to stale per-address tracking data from previous phases.

Proof of Concept

Not necessary. Issue is immediately evident from code inspection

Recommended Mitigation

Modify _resetPerAddressTracking() to accept a user address parameter and clear the mappings for that specific address.
Note: Using sender as the user address is technically incorrect, as it typically resolves to a router or intermediary contract. This issue is outside the scope of this finding and is addressed in a separate submission.

- function _resetPerAddressTracking() internal {

+ function _resetPerAddressTracking(address user) internal {

- addressSwappedAmount[address(0)] = 0;

- addressLastSwapBlock[address(0)] = 0;

+ if (user == address(0)) revert("InvalidUser");

+ addressSwappedAmount[user] = 0;

+ addressLastSwapBlock[user] = 0;

}

function _beforeSwap(address sender, PoolKey calldata key, SwapParams calldata params, bytes calldata data)

internal

override

returns (bytes4, BeforeSwapDelta, uint24)

{

// ...

if (newPhase != currentPhase) {

console.log('Phase changed from', currentPhase, 'to', newPhase);

- _resetPerAddressTracking();

+ _resetPerAddressTracking(sender); // Reset tracking for a specific address

currentPhase = newPhase;

lastPhaseUpdateBlock = block.number;

}

// ... rest of function ...

}

Rewards breakdown

nSLOC

273

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!