Vanguard
First Flight #56
Beginner FriendlyDeFiFoundry
0 EXP
View all submissions
Previous Next
Submission Details
Impact: low
Likelihood: low

Incorrect hook flag `BEFORE_INITIALIZE_FLAG` is set in deploy script `deployLaunchHook.s.sol`.

Author Revealed upon completion

Root + Impact

Description

  • During deployment, hook flags must match the hook permissions.

  • However, in this case the BEFORE_INITIALIZE_FLAG flag was set instead of AFTER_INITIALIZE_FLAG.

function run() public {
@> uint160 flags = uint160(Hooks.BEFORE_SWAP_FLAG | Hooks.BEFORE_INITIALIZE_FLAG);
// Mine a salt that will produce a hook address with the correct flags
.
.
.

Risk

Likelihood:

  • Deployment issue that could lead to a broken hook contract if successfully deployed.

Impact:

  • This issue could lead to a hidden problem that only appears after a pool with the hook is deployed, potentially requiring redeployment of both the pool and the hook.

Proof of Concept

Permissions from TokenLaunchHook.sol

function getHookPermissions() public pure override returns (Hooks.Permissions memory) {
return Hooks.Permissions({
beforeInitialize: false,
afterInitialize: true, // AFTER_INITIALIZE_FLAG
beforeAddLiquidity: false,
afterAddLiquidity: false,
beforeRemoveLiquidity: false,
afterRemoveLiquidity: false,
beforeSwap: true, // BEFORE_SWAP_FLAG
afterSwap: false,
beforeDonate: false,
afterDonate: false,
beforeSwapReturnDelta: false,
afterSwapReturnDelta: false,
afterAddLiquidityReturnDelta: false,
afterRemoveLiquidityReturnDelta: false
});
}

Recommended Mitigation

Replace BEFORE_INITIALIZE_FLAG with AFTER_INITIALIZE_FLAG;

function run() public {
- uint160 flags = uint160(Hooks.BEFORE_SWAP_FLAG | Hooks.BEFORE_INITIALIZE_FLAG);
+ uint160 flags = uint160(Hooks.BEFORE_SWAP_FLAG | Hooks.AFTER_INITIALIZE_FLAG);
// Mine a salt that will produce a hook address with the correct flags
.
.
.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!