c4-bot-3 closed 5 months ago
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as duplicate of #18
hansfriese changed the severity to QA (Quality Assurance)
hansfriese marked the issue as grade-c
This previously downgraded issue has been upgraded by hansfriese
hansfriese removed the grade
hansfriese changed the severity to QA (Quality Assurance)
hansfriese marked the issue as grade-c
Lines of code
https://github.com/code-423n4/2024-03-pooltogether/blob/480d58b9e8611c13587f28811864aea138a0021a/pt-v5-vault/src/abstract/HookManager.sol#L29
Vulnerability details
Impact
The setHooks function in HookManager.sol allows users to set arbitrary hooks, potentially enabling them to make external calls with unintended consequences. This vulnerability could lead to various unexpected behaviors, such as unauthorized side transactions with gas paid unbeknownst to the claimer, reentrant calls, or denial-of-service attacks on claiming transactions.
Proof of Concept
https://github.com/code-423n4/2024-03-pooltogether/blob/480d58b9e8611c13587f28811864aea138a0021a/pt-v5-vault/src/abstract/HookManager.sol#L29C2-L33C5
Assessed type
Invalid Validation
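The three risks named under Impact (gas spent on the claimer's behalf, reentrant calls, and a hook that blocks the claim) are normally contained where the hook is called, not in the setter. The sketch below is an added example, not code from the PoolTogether repository or from this report; `HookedClaimer`, `IClaimHook`, `afterClaim` and the 150,000 gas cap are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

// Hypothetical hook interface; not the PoolTogether interface.
interface IClaimHook {
    function afterClaim(address winner, uint256 prize) external;
}

// Hypothetical contract: all names and the gas cap are assumptions for this sketch.
contract HookedClaimer {
    uint256 public constant HOOK_GAS_LIMIT = 150_000; // assumed cap
    mapping(address => address) public hookOf;        // account => self-chosen hook
    mapping(address => uint256) public claimed;
    bool private _locked;

    event HookSet(address indexed account, address hook);
    event HookFailed(address indexed account, address hook);

    // Any account may register any address as its own hook,
    // so the hook must be treated as untrusted code when it is called.
    function setHook(address hook) external {
        hookOf[msg.sender] = hook;
        emit HookSet(msg.sender, hook);
    }

    // Called by a third-party claimer, who pays the gas for `winner`'s hook.
    function claim(address winner, uint256 prize) external {
        require(!_locked, "reentrant claim");   // rejects re-entry from the hook
        _locked = true;
        claimed[winner] += prize;                // state is settled before the external call
        address hook = hookOf[winner];
        if (hook.code.length != 0) {             // skip unset hooks and addresses without code
            // The gas cap bounds what the claimer can be made to pay for;
            // try/catch keeps a reverting or gas-exhausting hook from failing the claim.
            try IClaimHook(hook).afterClaim{gas: HOOK_GAS_LIMIT}(winner, prize) {
            } catch {
                emit HookFailed(winner, hook);
            }
        }
        _locked = false;
    }
}
```

With these three controls at the call site, an arbitrary hook address can still be registered, but its effect on the claim transaction is limited to a bounded gas cost and an emitted `HookFailed` event.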