Open hats-bug-reporter[bot] opened 7 months ago
Thank you for the submission.
We use our own implementation of AlgebraPool, which is minimally different from the original, but it still results in a new INIT_CODE_HASH at the factory, so this value is different from the value in Algebra Integral 1.0
Github username: @0xRizwan Twitter username: 0xRizwann Submission hash (on-chain): 0x1f6fc52e0c7a280e723747101dd4de7225f0d10b1540c6f20fe6d766387f1216 Severity: high
Description: Description\
AlgebraFactory.sol
is used to deploy pools and its plugins. ThePOOL_INIT_CODE_HASH
used inAlgebraFactory.sol
is given as below,POOL_INIT_CODE_HASH
is used for computation of pool address.and this further used in creation of pool in
createPool()
The issue here is,
POOL_INIT_CODE_HASH
used is incorrect, Therefore, the pool address calculated will be wrong.AlgebraFactory.sol
usesAlgebra Integral 1.0
Algebra Integral 1.0
has used belowPOOL_INIT_CODE_HASH
. This can be checked hereTherefore, by using above correct code hash, the pool address will computed correctly. As the init code hash changed, contract bytecode has been change, the init hash will be different. This will cause a total bricking of all major functionality.
Recommendations\
Correct the
POOL_INIT_CODE_HASH
inAlgebraFactory.sol
as used forAlgebra Integral 1.0