search

code-423n4 / 2024-08-wildcat-findings

3 stars 1 forks source link

A borrower can create a market with disabled `hookTemplate`. #106

Closed howlbot-integration[bot] closed 2 months ago

howlbot-integration[bot] commented 2 months ago

Lines of code

https://github.com/code-423n4/2024-08-wildcat/blob/fe746cc0fbedc4447a981a50e6ba4c95f98b9fe1/src/HooksFactory.sol#L491-L516

Vulnerability details

Impact

Borrower creates a market with the hookTemplate that was disabled. This may lead to undetermined consequences as it is not intended by the admin.

Proof of Concept

Borrower creates a market with a hook that was disabled previously via HooksFactory.disableHooksTemplate() function

https://github.com/code-423n4/2024-08-wildcat/blob/fe746cc0fbedc4447a981a50e6ba4c95f98b9fe1/src/HooksFactory.sol#L491-L516

Tools Used

Manual review, foundry

Recommended Mitigation Steps

Consider adding a function that allows the owner to enable hookTemplate, or implement a check to ensure that the hookTemplate is enabled when the borrower deploys a market.

Assessed type

Other

c4-judge commented 1 month ago

3docSec marked the issue as unsatisfactory: Invalid