You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A malicious/compromised owner of the PoolManager contract could set a protocolFeeController via the setProtocolFeeController method such that PoolManager.initialize always reverts, making it impossible to create new pools. This could compromise integrating protocols which may expect the initialize method to always be successfully callable (assuming that other pre-conditions are met).
A bad protocol fee controller can cause initialize to revert in 2 ways:
Return a fee parameter that's in an invalid range
Cause the try { ... } catch { ... } block to revert by returning data that doesn't decode into a (uint8, uint8) pair as expected.
Expected Behavior
Expected behavior would be that the PoolManager gracefully falls back to a default fee of 0 as the try { ... } catch { ... } block in _fetchProtocolFees implies. Alternatively, it should be made more explicit that the owner can globally shut down the creation of new pools via the initialize function.
Describe the bug
A malicious/compromised
owner
of thePoolManager
contract could set aprotocolFeeController
via thesetProtocolFeeController
method such thatPoolManager.initialize
always reverts, making it impossible to create new pools. This could compromise integrating protocols which may expect theinitialize
method to always be successfully callable (assuming that other pre-conditions are met).A bad protocol fee controller can cause
initialize
to revert in 2 ways:try { ... } catch { ... }
block to revert by returning data that doesn't decode into a(uint8, uint8)
pair as expected.Expected Behavior
Expected behavior would be that the
PoolManager
gracefully falls back to a default fee of0
as thetry { ... } catch { ... }
block in_fetchProtocolFees
implies. Alternatively, it should be made more explicit that theowner
can globally shut down the creation of new pools via theinitialize
function.To Reproduce
test/foundry-tests/BrickInitialize.t.sol
forge test --mp test/foundry-tests/BrickInitialize.t.sol -vvvv
testCanBrick()
test passes with initialize reverting in 2 separate cases solely due to a bad protocol fee controller.Note: The PoC showcases both methods of causing
initialize
to revert.Additional context
No response
The text was updated successfully, but these errors were encountered: