V3factory will fail to initialize because of a wrong check #38

Closed
howlbot-integration bot opened this issue Nov 4, 2024 · 1 comment
Labels
3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working duplicate-26 🤖_04_group AI based duplicate group recommendation sufficient quality report This report is of sufficient quality unsatisfactory does not satisfy C4 submission criteria; not eligible for awards

Comments

@howlbot-integration

Lines of code

https://github.com/ronin-chain/katana-v3-contracts/blob/03c80179e04f40d96f06c451ea494bb18f2a58fc/src/core/KatanaV3Pool.sol#L122
https://github.com/ronin-chain/katana-v3-contracts/blob/03c80179e04f40d96f06c451ea494bb18f2a58fc/src/core/KatanaV3Pool.sol#L112-L113

Vulnerability details

Proof of Concept

The initialize function in the v3Katanapool contract has a misconfiguration that causes it to revert unexpectedly, preventing initialization of the pool parameters. Here’s an analysis of the code and impact:

  1. Issue: When the initialize function is called, it checks if factory is address(0) rather than address(1). This check fails each time because the constructor sets factory to address(1), causing the initialize function to revert and halt the pool setup.

  2. Code Reference:

    • Constructor:

        constructor() {
            // Disable immutables initialization
            factory = address(1); // @audit
        }

    • Initialize Function:

        function initializeImmutables(address factory_, address token0_, address token1_, uint24 fee_, int24 tickSpacing_)
            public
            virtual
            override
        {
            require(factory == address(0), "AII"); // @audit
            // Other initialization code
        }

  3. Impact: This bug blocks the contract from setting key parameters and utilizing v3Pool, effectively making the system unusable until corrected.

Recommended Mitigation Steps

To fix this issue:

  • Solution: Modify the initialize function's check to ensure factory is set to address(1) instead of address(0).

  • Code Update:

    function initializeImmutables(address factory_, address token0_, address token1_, uint24 fee_, int24 tickSpacing_)
        public
        virtual
        override
    {
        require(factory == address(1), "AII");  // Corrected check
        // Additional initialization code
    }

Assessed type

DoS

@howlbot-integration howlbot-integration bot added 3 (High Risk) Assets can be stolen/lost/compromised directly 🤖_04_group AI based duplicate group recommendation bug Something isn't working duplicate-26 sufficient quality report This report is of sufficient quality labels Nov 4, 2024
howlbot-integration bot added a commit that referenced this issue Nov 4, 2024
@c4-judge

alex-ppg marked the issue as unsatisfactory:
Invalid

@c4-judge c4-judge added the unsatisfactory does not satisfy C4 submission criteria; not eligible for awards label Nov 11, 2024
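
The guard quoted in the report, modelled as an added example (not code from katana-v3-contracts or from the report). It assumes the pool logic is reached through a delegatecall proxy, which this page does not state; PoolLike, PoolProxy and GuardDemo are hypothetical names. Under that assumption, the constructor's write of address(1) locks only the implementation's own storage, while the address(0) check still lets a proxy initialize exactly once.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; PoolLike, PoolProxy and GuardDemo are hypothetical names.
contract PoolLike {
    address public factory; // storage slot 0

    constructor() {
        factory = address(1); // written to the implementation's own storage only
    }

    function initializeImmutables(address factory_) public virtual {
        require(factory == address(0), "AII");
        factory = factory_;
    }
}

// Assumed deployment model: a minimal delegatecall proxy, so PoolLike's code
// runs against this contract's storage, which the constructor above never touched.
contract PoolProxy {
    address private immutable impl; // immutables live in code, slot 0 stays zero

    constructor(address impl_) {
        impl = impl_;
    }

    fallback() external payable {
        (bool ok, bytes memory ret) = impl.delegatecall(msg.data);
        assembly {
            if iszero(ok) { revert(add(ret, 0x20), mload(ret)) }
            return(add(ret, 0x20), mload(ret))
        }
    }
}

contract GuardDemo {
    function run() external returns (bool implLocked, bool proxyInitialized, bool reinitBlocked) {
        PoolLike impl = new PoolLike();
        PoolLike proxied = PoolLike(address(new PoolProxy(address(impl))));
        // Direct call: the guard reads address(1) and reverts with "AII".
        try impl.initializeImmutables(address(this)) {} catch { implLocked = true; }
        // Via the proxy: slot 0 is still zero, so the same guard passes once.
        proxied.initializeImmutables(address(this));
        proxyInitialized = proxied.factory() == address(this);
        // Second call: factory is now non-zero, so re-initialization reverts.
        try proxied.initializeImmutables(address(2)) {} catch { reinitBlocked = true; }
    }
}
```

Calling `GuardDemo.run()` returns `true` for all three flags under these assumptions.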