search

code-423n4 / 2024-03-pooltogether-findings

5 stars 4 forks source link

HookManager.sol allows users to set arbitrary hooks #324

Closed c4-bot-3 closed 5 months ago

c4-bot-3 commented 5 months ago

Lines of code

https://github.com/code-423n4/2024-03-pooltogether/blob/480d58b9e8611c13587f28811864aea138a0021a/pt-v5-vault/src/abstract/HookManager.sol#L29

Vulnerability details

Impact

The setHooks function in HookManager.sol allows users to set arbitrary hooks, potentially enabling them to make external calls with unintended consequences. This vulnerability could lead to various unexpected behaviors, such as unauthorized side transactions with gas paid unbeknownst to the claimer, reentrant calls, or denial-of-service attacks on claiming transactions.

Proof of Concept

https://github.com/code-423n4/2024-03-pooltogether/blob/480d58b9e8611c13587f28811864aea138a0021a/pt-v5-vault/src/abstract/HookManager.sol#L29C2-L33C5

function setHooks(VaultHooks calldata hooks) external {
    _hooks[msg.sender] = hooks;
    emit SetHooks(msg.sender, hooks);
}

Assessed type

Invalid Validation

c4-pre-sort commented 5 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 5 months ago

raymondfam marked the issue as duplicate of #18

c4-judge commented 5 months ago

hansfriese changed the severity to QA (Quality Assurance)

c4-judge commented 5 months ago

hansfriese marked the issue as grade-c

c4-judge commented 5 months ago

This previously downgraded issue has been upgraded by hansfriese

c4-judge commented 5 months ago

hansfriese removed the grade

c4-judge commented 5 months ago

hansfriese changed the severity to QA (Quality Assurance)

c4-judge commented 5 months ago

hansfriese marked the issue as grade-c