-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #7 from futuretech6/docs/detector-spec
[Docs] Add md docs
- Loading branch information
Showing
5 changed files
with
130 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
# UniswapPublicCallback | ||
|
||
## Info | ||
|
||
**Spec** | ||
|
||
- Severity: High | ||
- Confidence: High | ||
|
||
**Description** | ||
|
||
Callers of callback functions are not exclusively restricted to the contract itself. | ||
|
||
## Sample | ||
|
||
```diff | ||
abstract contract BaseHook is IHooks { | ||
modifier selfOnly() { | ||
if (msg.sender != address(this)) revert NotSelf(); | ||
_; | ||
} | ||
} | ||
|
||
contract Hook is BaseHook { | ||
uint count; | ||
|
||
constructor(IPoolManager _poolManager) BaseHook(_poolManager) {} | ||
|
||
function foo() external { | ||
poolManager.lock(abi.encodeWithSignature("callback()")); | ||
} | ||
|
||
- function callback() external { | ||
+ function callback() external selfOnly { | ||
count++; | ||
} | ||
} | ||
``` | ||
|
||
For any callback functions that are called by lockAcquired using external calls, there should be an only-self check (no need for internal callback). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
# UniswapPublicHook | ||
|
||
## Info | ||
|
||
**Spec** | ||
|
||
- Severity: High | ||
- Confidence: High | ||
|
||
**Description** | ||
|
||
Callers of hook functions are not exclusively restricted to the pool manager alone. | ||
|
||
## Sample | ||
|
||
```diff | ||
abstract contract BaseHook is IHooks { | ||
IPoolManager public immutable poolManager; | ||
|
||
constructor(IPoolManager _poolManager) { | ||
poolManager = _poolManager; | ||
} | ||
|
||
modifier poolManagerOnly() { | ||
if (msg.sender != address(poolManager)) revert NotPoolManager(); | ||
_; | ||
} | ||
} | ||
|
||
contract Hook is BaseHook { | ||
uint count; | ||
|
||
constructor(IPoolManager _poolManager) BaseHook(_poolManager) {} | ||
|
||
function beforeSwap( | ||
address, | ||
PoolKey calldata, | ||
IPoolManager.SwapParams calldata, | ||
bytes calldata | ||
- ) external override returns (bytes4) { | ||
+ ) external override poolManagerOnly returns (bytes4) { | ||
count++; // make changes to contract states | ||
return IHooks.beforeSwap.selector; | ||
} | ||
} | ||
``` | ||
|
||
This detector enumerates all the hook functions (e.g. `beforeSwap`) that are not `view` (i.e., read only) and can be called by anyone without privilege validation. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# UniswapSuicidalHook | ||
|
||
## Info | ||
|
||
**Spec** | ||
|
||
- Severity: Medium | ||
- Confidence: High | ||
|
||
**Description** | ||
|
||
The contract contains `SELFDESTRUCT`. | ||
No self-destruct is allowed, even with privilege validation. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
# UniswapUpgradableHook | ||
|
||
## Info | ||
|
||
**Spec** | ||
|
||
- Severity: High | ||
- Confidence: High | ||
|
||
**Description** | ||
|
||
The contract `DELEGATECALL`s to mutable addresses. |