Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OZ-L06: try-catch permit2Forwarder to avoid exposing DOS on multicall #309

Merged
merged 5 commits into from
Sep 3, 2024
Merged

OZ-L06: try-catch permit2Forwarder to avoid exposing DOS on multicall #309

merged 5 commits into from
Sep 3, 2024

Conversation

saucepoint
Copy link
Collaborator

Related Issue

OZ-L06: allow permit2Forwarder's permit/permitBatch to fail via try-catch.

Prevents DOS'ing multicalls containing permit/permitBatch where an external party front runs the permit2Forwarder call

Description of changes

try-catch'd permit2Forwarder's permit/permitBatch

hensha256
hensha256 reviewed Aug 28, 2024
View reviewed changes
src/base/Permit2Forwarder.sol Outdated
@@ -27,6 +27,6 @@ contract Permit2Forwarder {
external
payable
{
permit2.permit(owner, _permitBatch, signature);
try permit2.permit(owner, _permitBatch, signature) {} catch {}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe a quick comment that explains why its in a try catch?

test/position-managers/PositionManager.multicall.t.sol Show resolved Hide resolved
test/position-managers/PositionManager.multicall.t.sol Outdated
calls[2] = abi.encodeWithSelector(IPositionManager.modifyLiquidities.selector, mintCall, _deadline);

uint256 tokenId = lpm.nextTokenId();
lpm.multicall(calls);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ideally this test would check

bytes[] memory results = lpm.multicall(calls);
assert(results[0] is correct revert reason) 
assert(results[1] is correct revert reason)

i guess that revert reason is that the nonce is taken

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you take a look now? im trying to do the Wrap__ error handling

cc @snreynolds

snreynolds
snreynolds reviewed Aug 31, 2024
View reviewed changes
Copy link
Member

@snreynolds snreynolds left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmm to me I feel like we should allow the caller to specify whether or not they want to continue the multicall if there is an error

also if permit errors (even for a different reason) the rest of the code will still execute in this case

@saucepoint
Copy link
Collaborator Author

hmm to me I feel like we should allow the caller to specify whether or not they want to continue the multicall if there is an error

the idea being we expose another generic multicall(bytes calldata calls, bool revert) where revert = true will cause a halt?

@saucepoint saucepoint merged commit e198c55 into main Sep 3, 2024
3 checks passed
@saucepoint saucepoint deleted the oz-L06-permit2forwarder-dos branch September 3, 2024 20:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@snreynolds snreynolds snreynolds left review comments

@dianakocsis dianakocsis dianakocsis approved these changes

@hensha256 hensha256 hensha256 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@saucepoint @snreynolds @hensha256 @dianakocsis