Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ExternalCallLib which checks revert data for malicious data #2004

Merged
merged 15 commits into from
Nov 15, 2022
Merged

Add ExternalCallLib which checks revert data for malicious data #2004

merged 15 commits into from
Nov 15, 2022

Conversation

TomAFrench
Copy link
Contributor

@TomAFrench TomAFrench commented Nov 11, 2022
edited
Loading

Description

This PR introduces the ExternalCallLib which exposes a function to check if revert data from external calls will be picked up by BasePool's _queryAction function.

Note that this currently doesn't fix the issue described in #1973. We must also protect the error signature used by queryBatchSwap as well do to this. Currently we only protect joins and exits but not swaps. Fixed now.

We should also include a test of this protection when used within a pool.

Type of change

  • Bug fix
  • New feature
  • Breaking change
  • Dependency changes
  • Code refactor / cleanup
  • Documentation or wording changes
  • Other

Checklist:

  • The diff is legible and has no extraneous changes
  • Complex code has been commented, including external interfaces
  • Tests are included for all code paths
  • The base branch is either master, or there's a description of how to merge

Issue Resolution

closes #1973

@TomAFrench TomAFrench requested a review from nventuro November 14, 2022 17:08
@TomAFrench TomAFrench marked this pull request as ready for review November 14, 2022 18:27
nventuro
nventuro approved these changes Nov 14, 2022
View reviewed changes
Copy link
Contributor

@nventuro nventuro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very clean, loved the approach!

pkg/pool-utils/contracts/lib/ExternalCallLib.sol Outdated Show resolved Hide resolved
pkg/pool-utils/contracts/lib/ExternalCallLib.sol Outdated Show resolved Hide resolved
pkg/pool-utils/contracts/lib/ExternalCallLib.sol Outdated Show resolved Hide resolved
pkg/pool-utils/contracts/test/MaliciousQueryReverter.sol Show resolved Hide resolved
pkg/pool-linear/test/AaveLinearPool.test.ts Outdated Show resolved Hide resolved
pkg/pool-utils/test/ExternalCallLib.test.ts Outdated Show resolved Hide resolved
@TomAFrench TomAFrench merged commit 551df1b into master Nov 15, 2022
@TomAFrench TomAFrench deleted the external-call-wrapper branch November 15, 2022 12:33
TomAFrench added a commit that referenced this pull request Nov 22, 2022
@TomAFrench
Merge branch 'master' into forge-std-v1
b4991d8 
* master:
  Move LBP storage handling to library (#2015)
  Add new AaveLinearPool deployment (#2012)
  Lint fix. (#2021)
  Introduce PoolRecoveryEnabler (#2013)
  Remove wrong dependency (#2018)
  Improve deployment signers (#2017)
  Use hardhat network helpers (#2016)
  Add index.ts for `deployments/src` (#2014)
  Split LBP contract into LBP and LBPSettings (#1979)
  Add IRateProviderPool (#2005)
  Add ExternalCallLib which checks revert data for malicious data (#2004)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nventuro nventuro nventuro approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Wrap external view calls in LinearPool
2 participants
@TomAFrench @nventuro