Weighted Pool: ongoing reentrancy protection #2330
Conversation
|
Thanks, @jubeira ! |
|
Fixed compile issue with message |
|
This was the patch change: #2205 |
|
Incidentally #2296 did not add tests for the protocol fee cache update, but it should have. |
| */ | ||
| function disableRecoveryMode() external override authenticate { | ||
| // Some derived contracts respond to disabling recovery mode with state changes (e.g., related to protocol fees, | ||
| // or otherwise ensuring that enabling and disabling recovery mode has no ill effects on LPs). When called | ||
| // outside of recovery mode, these state changes might lead to unexpected behavior. | ||
| _ensureInRecoveryMode(); | ||
|
|
||
| VaultReentrancyLib.ensureNotInVaultContext(_getVault()); |
There was a problem hiding this comment.
This should be accompanied by a test.
There was a problem hiding this comment.
Side comment (maybe for a follow-up PR): we are doing this here and in ProtocolFeeCache (which is derived from RecoveryMode) without a modifier.
Wouldn't it be more consistent to define the modifier here, and use it in both contracts? That way the code would be the same both in pools and in these auxiliary contracts.
There was a problem hiding this comment.
Yes; I thought of that, but it was spread over separate PRs, so I did them individually. Will do a follow-on to address that. (Perhaps I have too little faith in git merge :)
There was a problem hiding this comment.
Changes look good; the functions that needed to be patched / documented are covered.
Regarding tests: same comment as in stable patch applies: #2331 (review)
Description
WeightedPool (version 3) was patched for reentrancy; this applies the same (generalized) protections so that any future deployments are safe.
Type of change
Checklist:
master, or there's a description of how to mergeIssue Resolution