Open hats-bug-reporter[bot] opened 3 months ago
Github username: --
Twitter username: --
Submission hash (on-chain): 0x45c9b72f95891e4ffa69f4bc340ae02e77e6fc9cfdb587dfad8adfbcc6afb5e9
Severity: medium

Description:
VaultBitcoinWallet - enableHooks function is called by the owner to set the hook.
enableHooks
```solidity
function enableHooks(address[] memory _hooks) public onlyOwner {
    for (uint i = 0; i < _hooks.length; i++) {
        hooks[_hooks[i]] = true;
    }
}
```
It always sets the value to true. There is no function to reset it.
Inside the _onActionDeposit function, if the destination is a hook, a callback is made as shown.
_onActionDeposit
VaultBitcoinWallet.sol#L488-L490
```solidity
if (hooks[destination] && destination != REFUEL_VAULT_ADDRESS) {
    IVaultBitcoinWalletHook(destination).hook(valueAfterFees, data);
}
```
Attack Scenario
When the hook turns malicious or is compromised, the owner cannot reset it to stop it from making the callback call.
Attachments
It would be safe if the owner had control to reset the enabled hook address.
It is how it is supposed to work. Owner shouldn't be able to disable hooks
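The reset path the report asks for, as an added sketch that is not code from the VaultBitcoinWallet repository; the reply above states that the enable-only behaviour is intended. The contract name, `disableHooks`, `_notifyHook`, the events, the `onlyOwner` implementation and the `hook` parameter types are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed interface: parameter types are inferred from the call quoted in the report.
interface IVaultBitcoinWalletHook {
    function hook(uint256 value, bytes memory data) external;
}

// Hypothetical sketch, not the project's contract.
contract RevocableHookRegistry {
    address public immutable owner;
    mapping(address => bool) public hooks;

    // Events let off-chain monitoring see every change to the callback allowlist.
    event HookEnabled(address indexed hookAddress);
    event HookDisabled(address indexed hookAddress);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Same behaviour as the reported enableHooks, plus an event.
    function enableHooks(address[] memory _hooks) public onlyOwner {
        for (uint256 i = 0; i < _hooks.length; i++) {
            hooks[_hooks[i]] = true;
            emit HookEnabled(_hooks[i]);
        }
    }

    // Hypothetical counterpart: clears the flag so no further callbacks are made.
    function disableHooks(address[] memory _hooks) public onlyOwner {
        for (uint256 i = 0; i < _hooks.length; i++) {
            hooks[_hooks[i]] = false;
            emit HookDisabled(_hooks[i]);
        }
    }

    // Stand-in for the callback branch of _onActionDeposit (REFUEL_VAULT_ADDRESS check omitted).
    function _notifyHook(address destination, uint256 valueAfterFees, bytes memory data) internal {
        if (hooks[destination]) {
            IVaultBitcoinWalletHook(destination).hook(valueAfterFees, data);
        }
    }
}
```

A revocable allowlist also lets the owner cut off a hook that integrators rely on, which is the trade-off behind an enable-only design.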