Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: [quantstamp-16] Disallow using dependencies for hooks #77

Merged
merged 1 commit into from
Jan 23, 2024
Merged

fix: [quantstamp-16] Disallow using dependencies for hooks #77

merged 1 commit into from
Jan 23, 2024
+205 −1,072

Conversation

dphilipson
Copy link
Collaborator

Allowing hooks to be dependencies can lead to hooks being called in unexpected contexts, such as state-changing validation hooks being called outside of validation or one of a pre- and post-exec hook pair being called without the other. To prevent this without changing the interface from the spec, we disallow this case entirely.

@dphilipson dphilipson requested a review from jaypaik January 18, 2024 01:46
@dphilipson dphilipson force-pushed the dp/msca-16 branch 2 times, most recently from 6ecf507 to e2c78d0 Compare January 18, 2024 21:49
jaypaik
jaypaik reviewed Jan 19, 2024
View reviewed changes
Copy link
Collaborator

@jaypaik jaypaik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like a couple legit lint errors. Also left a comment on _resolveManifestFunction.

src/account/PluginManagerInternals.sol Outdated Show resolved Hide resolved
test/account/AccountExecHooks.t.sol Outdated Show resolved Hide resolved
test/account/AccountExecHooks.t.sol Show resolved Hide resolved
test/account/AccountPreValidationHooks.t.sol Outdated Show resolved Hide resolved
@adam-alchemy
Copy link
Contributor

adam-alchemy commented Jan 22, 2024
edited
Loading

I think this is related to the spearbit issue https://github.com/spearbit-audits/alchemy-nov-review/issues/23. In the reference implementation PR, there's an added check in _resolveManifestFunction here: https://github.com/erc6900/reference-implementation/blob/c804a93279e3270cc78d3b6bfc0e7d8d95524fe1/src/account/PluginManagerInternals.sol#L705-L707.

Do you want to also address that here too, or spin it out into a separate PR?

@jaypaik jaypaik mentioned this pull request Jan 22, 2024
Merged
@dphilipson
Copy link
Collaborator Author

@adam Yup, I got that fix when following Jay's suggestion for the arguments to _resolveManifestFunction.

jaypaik
jaypaik approved these changes Jan 23, 2024
View reviewed changes
Copy link
Collaborator

@jaypaik jaypaik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, some comments.

src/account/PluginManagerInternals.sol
Comment on lines +646 to +654
uint256 index = manifestFunction.dependencyIndex;
if (index < dependencies.length) {
return dependencies[manifestFunction.dependencyIndex];
} else {
revert InvalidPluginManifest();
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit:

Suggested change
uint256 index = manifestFunction.dependencyIndex;
if (index < dependencies.length) {
return dependencies[manifestFunction.dependencyIndex];
} else {
revert InvalidPluginManifest();
}
uint256 index = manifestFunction.dependencyIndex;
if (index < dependencies.length) {
return dependencies[index];
}
revert InvalidPluginManifest();

Copy link
Collaborator Author

@dphilipson dphilipson Jan 23, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This suggestion is inconsistent with the existing code, such as the two magic value checks just below it. Also as a personal preference I prefer the current style, but I'm happy to change this and the rest of the function if this is the recommended style for this codebase.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yup makes sense. I think we've been changing things to the new style for less nesting in various places. Happy to pick this up as a part of #97 which is doing similar things.

src/account/PluginManagerInternals.sol Outdated Show resolved Hide resolved
test/account/AccountPreValidationHooks.t.sol Outdated Show resolved Hide resolved
@dphilipson
fix: [quantstamp-16] Disallow using dependencies for hooks
b1a4f08 
Allowing hooks to be dependencies can lead to hooks being called in
unexpected contexts, such as state-changing validation hooks being
called outside of validation or one of a pre- and post-exec hook pair
being called without the other. To prevent this without changing the
interface from the spec, we disallow this case entirely.
@jaypaik jaypaik merged commit f258b31 into audit-2023-11-20 Jan 23, 2024
3 checks passed
@jaypaik jaypaik deleted the dp/msca-16 branch January 23, 2024 03:17
jaypaik pushed a commit that referenced this pull request Jan 25, 2024
@dphilipson @jaypaik
fix: [quantstamp-16] Disallow using dependencies for hooks (#77)
a8b05bf
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jaypaik jaypaik jaypaik approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dphilipson @adam-alchemy @jaypaik