code-423n4 / 2021-11-nested-findings


Ensure on-chain that cache is synced #217

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

GreyArt

Vulnerability details

Impact

Currently, many core operations (like NestedFactory.create(), NestedFactory.swapTokenForTokens()) are dependent on the assumption that the cache is synced before these functions are executed; however, this may not necessarily be the case.

Proof of Concept

  1. OperatorResolver.importOperators() is called to remove an operator.
  2. A user calls NestedFactory.create() that uses the operator that was being removed / updated.
  3. NestedFactory.rebuildCache() is called to rebuild cache.

This flow is not aware that the cache is not in sync.

Recommended Mitigation Steps

Add a modifier to require that the cache is synced to all functions that interact with the operators.
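
A sketch of the recommended modifier, added here as an illustration; it is not part of the finding or of the Nested Finance code base. `ResolverSketch`, `FactorySketch`, `isCacheSynced` and `whenCacheSynced` are hypothetical names, and the contracts are simplified stand-ins for OperatorResolver and NestedFactory with access control omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Added illustration: simplified stand-ins, not the Nested Finance contracts.
contract ResolverSketch {
    mapping(bytes32 => address) public operators;
    // Stand-in for OperatorResolver.importOperators(); access control omitted.
    function importOperators(bytes32[] calldata names, address[] calldata dests) external {
        require(names.length == dests.length, "length mismatch");
        for (uint256 i = 0; i < names.length; i++) operators[names[i]] = dests[i];
    }
}

contract FactorySketch {
    ResolverSketch public immutable resolver;
    bytes32[] public requiredOperators;
    mapping(bytes32 => address) private operatorCache;
    constructor(ResolverSketch _resolver, bytes32[] memory _required) {
        resolver = _resolver;
        requiredOperators = _required;
    }

    // Stand-in for NestedFactory.rebuildCache().
    function rebuildCache() external {
        for (uint256 i = 0; i < requiredOperators.length; i++) {
            operatorCache[requiredOperators[i]] = resolver.operators(requiredOperators[i]);
        }
    }

    // True only if every cached address matches the resolver's current value.
    function isCacheSynced() public view returns (bool) {
        for (uint256 i = 0; i < requiredOperators.length; i++) {
            bytes32 name = requiredOperators[i];
            if (operatorCache[name] != resolver.operators(name)) return false;
        }
        return true;
    }

    modifier whenCacheSynced() {
        require(isCacheSynced(), "operator cache out of sync");
        _;
    }

    // Stand-in for create(): reverts between importOperators() and rebuildCache().
    function create(bytes32 operatorName) external view whenCacheSynced returns (address op) {
        op = operatorCache[operatorName];
        require(op != address(0), "unknown operator");
    }
}
```

The check costs one external read of the resolver per required operator on every guarded call, so the gas overhead grows with the number of operators.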

maximebrugel commented 2 years ago

Duplicated: #157

alcueca commented 2 years ago

Taking this as the main.