Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug]: Bad Owner Can Brick initialize By Setting A Bad protocolFeeController #221

Closed
Philogy opened this issue Jun 13, 2023 · 2 comments · Fixed by #362
Closed

[Bug]: Bad Owner Can Brick initialize By Setting A Bad protocolFeeController #221

Philogy opened this issue Jun 13, 2023 · 2 comments · Fixed by #362
Assignees
Labels
bug Something isn't working p0 Very important to fix

Comments

@Philogy
Copy link
Contributor

Philogy commented Jun 13, 2023

Describe the bug

A malicious/compromised owner of the PoolManager contract could set a protocolFeeController via the setProtocolFeeController method such that PoolManager.initialize always reverts, making it impossible to create new pools. This could compromise integrating protocols which may expect the initialize method to always be successfully callable (assuming that other pre-conditions are met).

A bad protocol fee controller can cause initialize to revert in 2 ways:

  1. Return a fee parameter that's in an invalid range
  2. Cause the try { ... } catch { ... } block to revert by returning data that doesn't decode into a (uint8, uint8) pair as expected.

Expected Behavior

Expected behavior would be that the PoolManager gracefully falls back to a default fee of 0 as the try { ... } catch { ... } block in _fetchProtocolFees implies. Alternatively, it should be made more explicit that the owner can globally shut down the creation of new pools via the initialize function.

To Reproduce

  1. Copy this PoC (https://gist.github.com/Philogy/6a7e4360a677cb38b477542d94222bc5) into test/foundry-tests/BrickInitialize.t.sol
  2. Run forge test --mp test/foundry-tests/BrickInitialize.t.sol -vvvv
  3. See that the testCanBrick() test passes with initialize reverting in 2 separate cases solely due to a bad protocol fee controller.

Note: The PoC showcases both methods of causing initialize to revert.

Additional context

No response

@Philogy Philogy added the bug Something isn't working label Jun 13, 2023
@Philogy
Copy link
Contributor Author

Philogy commented Jun 13, 2023

Note the owner could also use this to selectively censor the creation of pools by sandwiching calls to initialize with protocol fee controller changes

@marktoda
Copy link
Contributor

Nice catch, thanks for looking and reporting!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working p0 Very important to fix
Projects
Development

Successfully merging a pull request may close this issue.

5 participants
@Philogy @zhongeric @snreynolds @marktoda and others