Lines of code
https://github.com/code-423n4/2024-04-panoptic/blob/main/contracts/PanopticFactory.sol#L210-L227
Vulnerability details
Impact
The input parameters token0, token1, and fee are not validated in the deployNewPool function within the PanopticFactory contract. This omission can potentially lead to unexpected behavior and effects when the contract interacts with the SemiFungiblePositionManager contract and the UniswapV3Factory contract.
In particular, if the token0, token1, and fee parameters lead to a v3Pool address that doesn't represent an existing and properly initialized Uniswap V3 pool, it could cause runtime errors or result in incorrect pool initialization.
Proof of Concept
Tools Used
Manual review
Recommended Mitigation Steps
Before invoking the UniswapV3Factory's getPool function and initializing the v3Pool reference, assert that token0, token1, and fee are valid. Consider defining and using a function that verifies token addresses and fee amounts per the business rules of your smart contract system. This will help ensure that all function inputs are sanitized, and it will prevent unexpected behavior in later execution. Note that sometimes, input validation is not possible if there's no way to predict all valid cases a priori (e.g., token address verification if any ERC20 token can be used). In such cases, ensure that other parts of the contract code are capable of properly handling any possible input.
Assessed type
Invalid Validation
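A sketch of the validation helper suggested under Recommended Mitigation Steps, added here as an example; it is not code from the Panoptic repository or from the original report. The library name, function name and custom errors are hypothetical, and the two interfaces are minimal local subsets of the Uniswap V3 factory and pool interfaces.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Minimal subsets of the Uniswap V3 interfaces, declared locally so the file compiles alone.
interface IUniswapV3FactoryMinimal {
    function getPool(address tokenA, address tokenB, uint24 fee) external view returns (address);
    function feeAmountTickSpacing(uint24 fee) external view returns (int24);
}

interface IUniswapV3PoolMinimal {
    function slot0() external view returns (
        uint160 sqrtPriceX96, int24 tick, uint16 observationIndex,
        uint16 observationCardinality, uint16 observationCardinalityNext,
        uint8 feeProtocol, bool unlocked
    );
}

// Hypothetical helper: names and errors are illustrative, not Panoptic's.
library PoolInputValidation {
    error ZeroTokenAddress();
    error IdenticalTokens();
    error FeeTierNotEnabled(uint24 fee);
    error PoolDoesNotExist();
    error PoolNotInitialized(address pool);

    /// Returns the pool for (token0, token1, fee) or reverts with a specific reason.
    function validatedPool(
        IUniswapV3FactoryMinimal factory,
        address token0,
        address token1,
        uint24 fee
    ) internal view returns (address pool) {
        if (token0 == address(0) || token1 == address(0)) revert ZeroTokenAddress();
        if (token0 == token1) revert IdenticalTokens();
        // The factory maps each enabled fee tier to a non-zero tick spacing.
        if (factory.feeAmountTickSpacing(fee) == 0) revert FeeTierNotEnabled(fee);

        // getPool returns address(0) when no pool was created for this triple.
        pool = factory.getPool(token0, token1, fee);
        if (pool == address(0)) revert PoolDoesNotExist();

        // A created pool whose initialize() was never called has sqrtPriceX96 == 0.
        (uint160 sqrtPriceX96, , , , , , ) = IUniswapV3PoolMinimal(pool).slot0();
        if (sqrtPriceX96 == 0) revert PoolNotInitialized(pool);
    }
}
```

Each failure mode gets its own custom error so a reverted deployment identifies which input was rejected.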