code-423n4 / 2024-08-wildcat-findings


Inability of `ArchController` to enable disabled hooks template #82

Closed howlbot-integration[bot] closed 2 months ago

howlbot-integration[bot] commented 2 months ago

Lines of code

https://github.com/code-423n4/2024-08-wildcat/blob/fe746cc0fbedc4447a981a50e6ba4c95f98b9fe1/src/HooksFactory.sol#L201-L208

https://github.com/code-423n4/2024-08-wildcat/blob/fe746cc0fbedc4447a981a50e6ba4c95f98b9fe1/src/HooksFactory.sol#L297-L299

Vulnerability details

Proof of Concept

In the current implementation of the `HooksFactory` contract, the `ArchController` owner can disable hook templates using the `disableHooksTemplate()` function, but there is no method provided to re-enable previously disabled hooks. This can create operational inefficiencies, forcing the owner to create new hook templates whenever they need to re-enable a previously disabled one.

Relevant Code Snippet: The current function only allows disabling hook templates:

```solidity
function disableHooksTemplate(address hooksTemplate) external override onlyArchControllerOwner {
    if (!_templateDetails[hooksTemplate].exists) {
        revert HooksTemplateNotFound();
    }
    _templateDetails[hooksTemplate].enabled = false;
    emit HooksTemplateDisabled(hooksTemplate);
}
```

Referencing the last audit: https://github.com/code-423n4/2023-10-wildcat-findings/issues/431. A function to re-enable disabled hooks should be created.

Recommended Mitigation Steps

To resolve this, the ArchController should include a function to enable previously disabled hook templates. Below is a recommended implementation for the enableHooksTemplate() function.


```solidity
function enableHooksTemplate(address hooksTemplate) external override onlyArchControllerOwner {
    // Check if the template exists
    if (!_templateDetails[hooksTemplate].exists) {
        revert HooksTemplateNotFound();
    }

    // Check if the template is already enabled
    if (_templateDetails[hooksTemplate].enabled) {
        revert HooksTemplateAlreadyEnabled();
    }

    // Enable the hooks template
    _templateDetails[hooksTemplate].enabled = true;

    // Emit an event to indicate that the template has been enabled again
    emit HooksTemplateEnabled(hooksTemplate);
}
```

## Assessed type

Error

c4-judge commented 1 month ago

3docSec changed the severity to QA (Quality Assurance)