hats-finance / illuminex-0x0bb4aa1f58719707405c231fcdf0b405714799cf


VaultBitcoinWallet : once a hook is set, it never is unset #63

Open hats-bug-reporter[bot] opened 3 months ago

hats-bug-reporter[bot] commented 3 months ago

Github username: --
Twitter username: --
Submission hash (on-chain): 0x45c9b72f95891e4ffa69f4bc340ae02e77e6fc9cfdb587dfad8adfbcc6afb5e9
Severity: medium

Description:

VaultBitcoinWallet - enableHooks function is called by the owner to set the hook.

enableHooks

    function enableHooks(address[] memory _hooks) public onlyOwner {
        for (uint i = 0; i < _hooks.length; i++) {
            hooks[_hooks[i]] = true;
        }
    }

It always sets the value to true. There is no function to reset it.

Inside the _onActionDeposit function, if the destination is a hook, a callback is made as shown.

VaultBitcoinWallet.sol#L488-L490

        if (hooks[destination] && destination != REFUEL_VAULT_ADDRESS) {
            IVaultBitcoinWalletHook(destination).hook(valueAfterFees, data);
        }

Attack Scenario

When the hook turns malicious or is compromised, the owner cannot reset it to stop it from making the callback call.

Attachments

  1. Revised Code File (Optional)

It would be safe if the owner had the control to reset the enabled hook address.

party-for-illuminati commented 3 months ago

It is how it is supposed to work. The owner shouldn't be able to disable hooks.
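
For reference, the reset control the report asks for would look roughly like the sketch below. This is an added example, not code from the illuminex repository or from either commenter; the contract name, `disableHooks`, the events, the `refuelVault` field and the `hook` parameter types are assumptions, and only `enableHooks` and the dispatch check follow the snippets quoted in the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed shape of the hook interface; only the call site appears in the report.
interface IVaultBitcoinWalletHook {
    function hook(uint64 value, bytes memory data) external;
}

// Hypothetical stand-alone sketch, not the illuminex VaultBitcoinWallet contract.
contract HookRegistrySketch {
    address public immutable owner;
    address public immutable refuelVault; // stands in for REFUEL_VAULT_ADDRESS
    mapping(address => bool) public hooks;

    event HookEnabled(address indexed hook);
    event HookDisabled(address indexed hook);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(address _refuelVault) {
        owner = msg.sender;
        refuelVault = _refuelVault;
    }

    // Same behaviour as the reported enableHooks, plus an event for monitoring.
    function enableHooks(address[] memory _hooks) public onlyOwner {
        for (uint i = 0; i < _hooks.length; i++) {
            hooks[_hooks[i]] = true;
            emit HookEnabled(_hooks[i]);
        }
    }

    // Hypothetical counterpart: clears the flag so later deposits skip the callback.
    function disableHooks(address[] memory _hooks) public onlyOwner {
        for (uint i = 0; i < _hooks.length; i++) {
            hooks[_hooks[i]] = false;
            emit HookDisabled(_hooks[i]);
        }
    }

    // Mirrors the check quoted from _onActionDeposit.
    function _dispatch(address destination, uint64 valueAfterFees, bytes memory data) internal {
        if (hooks[destination] && destination != refuelVault) {
            IVaultBitcoinWalletHook(destination).hook(valueAfterFees, data);
        }
    }
}
```

The sketch makes the disagreement in the thread concrete: `disableHooks` lets the owner stop callbacks to a compromised hook, and it equally lets the owner cut off any enabled hook, which is the power the project's reply says the owner should not have.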