Reentrancy guard transient #354
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dianakocsis
reviewed
Jul 18, 2024
test/integration-tests/gas-tests/__snapshots__/UniversalVSSwapRouter.gas.test.ts.snap
Outdated
Show resolved
Hide resolved
dianakocsis
reviewed
Jul 18, 2024
contracts/libraries/Locker.sol
Outdated
|
|
||
| function set(address locker) internal { | ||
| assembly { | ||
| tstore(LOCKED_BY_SLOT, locker) |
There was a problem hiding this comment.
clear the upper bytes of the address?
tstore(LOCKED_BY_SLOT, and(locker, 0xffffffffffffffffffffffffffffffffffffffff))
can these also be made memory safe?
There was a problem hiding this comment.
grrrrl ur amazing
There was a problem hiding this comment.
ok they actually dont need to be masked imo but ive added a comment
There was a problem hiding this comment.
so if its msg.sender, the upper bytes can never be dirty?
| @@ -2,19 +2,17 @@ | |||
| pragma solidity ^0.8.24; | |||
|
|
|||
| import {Constants} from '../libraries/Constants.sol'; | |||
| import {Locker} from '../libraries/Locker.sol'; | |||
|
|
|||
| contract LockAndMsgSender { | |||
There was a problem hiding this comment.
this contract seems a little silly lol
There was a problem hiding this comment.
It definitely is 😂 honestly i think the map function doesnt belong here... gonna make a change
There was a problem hiding this comment.
ok i've moved map to the main dispatcher file because it doesnt feel like it belongs in the lock. And added a _msgSender function to make the lock msg.sender logic clearer
hensha256
commented
Jul 24, 2024
| "lint:fix": "yarn prettier:fix && forge fmt", | ||
| "prettier": "prettier --check '**/*.ts' && forge fmt --check" | ||
| "lint": "yarn prettier:fix && forge fmt", | ||
| "lint:check": "prettier --check '**/*.ts' && forge fmt --check" |
There was a problem hiding this comment.
renamed some commands here
yarn test:all wasnt running all the tests... only hardhat. So now yarn test:hardhat runs hardhat, and yarn test:all runs both
yarn lint should just fix everything locally both javascript and solidity thenyarn lint:check can run the reverting commands which have to be run in CI
snreynolds
reviewed
Jul 24, 2024
| @@ -40,4 +40,4 @@ jobs: | |||
| id: build | |||
|
|
|||
| - name: Run linter | |||
| run: yarn run prettier | |||
There was a problem hiding this comment.
no just renamed it because its running both forge fmt and prettier so the name lint makes more sense than prettier
| } | ||
| /// @notice Function to be used instead of msg.sender, as the contract performs self-reentrancy and at | ||
| /// times msg.sender == address(this). Instead _msgSender() returns the initiator of the lock | ||
| function _msgSender() internal view returns (address) { |
There was a problem hiding this comment.
I think this will have to override the _msgSender() in BaseActionsRouter..
There was a problem hiding this comment.
when you add the v4 swap lib
There was a problem hiding this comment.
yeah it will, or maybe theyll both have to be overriden by 1 implementing function. Not 100% sure yet until i pull in v4 and see what compiles LOL
| address internal constant NOT_LOCKED_FLAG = address(1); | ||
| address internal lockedBy = NOT_LOCKED_FLAG; | ||
|
|
||
| /// @notice Modifier enforcing a reentrancy lock that allows self-reentrancy |
There was a problem hiding this comment.
Can an external party that is not msg.sender trigger self reentrancy?
There was a problem hiding this comment.
no theres only 1 entry point to the contract so once its locked only the locker has control
contracts/base/LockAndMsgSender.sol
Outdated
| modifier isNotLocked() { | ||
| // The contract is allowed to reenter itself to perform EXECUTE_SUB_PLAN commands |
There was a problem hiding this comment.
tbh I'm not really sure what this means/what is the motivation for this comment
There was a problem hiding this comment.
Just trying to explain the modifier because it performs no checks in the case where msg.sender == address(this). I'll rewrite it a bit
snreynolds
approved these changes
Jul 24, 2024
dianakocsis
approved these changes
Jul 24, 2024
Merged
Closed
dianakocsis
added a commit
that referenced
this pull request
Dec 4, 2024
* Prepare for v4 work (#346) * update hardhat * remove symlinks by using hardhat-foundry use hardhat-foundry package to use foundry remappings to compile. Symlinks are no longer necessary After upgrade HH412 error was thrown caused by the existing symlinks ref: https://hardhat.org/hardhat-runner/docs/errors#HH412 NomicFoundation/hardhat#3623 * update compiler version to ^0.8.24 supporting the cancun upgrades * fix ci * fix lock file * Update yarn.lock * regenerate gas snapshots * install foundry in ci * Use mainnet permit2 (#347) * solc upgrade to 0.8.26 * use mainnet permit2 work started * fix uniswap tests * Remove block from resetFork * Refactor to fetch fee tiers * remove NFT protocols for V4 router (#348) * first pass * fix forge builds * fix reentrancy test * Add check to receive * remove .only rip * add todo for tests that need wrtiting * update readme and planner --------- Co-authored-by: Alice <34962750+hensha256@users.noreply.github.com> Co-authored-by: Alice Henshaw <henshawalice@gmail.com> * V3 liquidity commands (#355) * import with dif version of OZ * fix remapping issue * duplicate exports and v3 version error * remove else statement and fix format * fix duplicate IERC165 in typechain * permit, decrease, collect, burn commands * all v3 commands separately * add structs * remove mint and increaseLiquidity on v3 * test change * fix yarn.lock * pass foundry tests for now * nit - change name * spelling error * v3pm address not needed * some gas tests * check msg.sender * format * transient storage * unauthorized tests * transient storage * v3 multicall with tests * v3 call + transient storage * no decode * clean up tests * some changes * comment changes * suggestion fixes * regenerate yarn.lock file * revert yarn.lock * some changes * separate migration tests * bignumber to fix test * fix remappings for forge compile * remove command placeholder * remove transient storage * format * use v3 periphery 0.8 instead * fix gas snapshots * v3 position manager addresses * name change * remove v4 in this pr * remove unnecessary stuff * change test names * fix erc721 permit * more tests * name changes, comments, test --------- Co-authored-by: gretzke <daniel@gretzke.de> * Reentrancy guard transient (#354) * Make reentrancy guard transient * locker tests * abstract the locker library away * Updated locker tests * move map, and fix CI * Update lint.yml * update comment * V4 liquidity commands (#359) * v4 periphery git submodule * deploy v4 * prettier * point v4 periphery to main * use solmate/src and deploy v4 * format * update v4-periphery and future proof deployRouter * prettier * update v4-periphery, change remapping, and update deploy test (#361) * update v4-periphery, change remapping, and update deploy test * make immutables public * little fixes * last one * make only migrator immutables public * Make msgSender public (#365) * make maximum input transient (#366) * update v4 periphery to main and update deployRouter (#367) * update v4 periphery to main and update deployRouter * point to updated v4 posm * v4 planner (#368) * v4 planner * some renaming * separate uniswap tests (#369) * separate uniswap tests * Move permit2 tests * final decode in calldata (#363) * batch permit decode in calldata * array of structs * PR comment * V4 posm call (#364) * v4 mint so far * solmate remapping * v4 mint and increase tests * prettier * update v4 periphery to main * some gas tests * remove selector check in v4 posm call * organize some tests * more tests * prettier * more tests * update gas * remove unnecessary import * remove unnecessary encodings * Add v4 routing (#360) * complete setup, everything working * v4 command plus planner * use main v4 branch * update periphery, handle changes * linting * V4 test setup * working pool setup * cleanup of imports * 2 working v4 swap tests * exact out swaps * 2 hop swap tests * update periphery * Update posm with tests (#370) * update tests to correspond with posm * match deploy universal router with alices * update oz for ierc721permit problem * switch back to OZ 4.7.0 * use OZ 5.0.2 to match v4 * remove internal _msgSender() * pr comments * add license * Update periphery in UR (#371) * update to audit commit (#372) * V4 Native Tests (#373) * ETH input v4 tests * eth output v4 tests * PR comments * Add v4 to receive (#376) * add v4 to receive function * linting * PR comments * fix and snapshots * Take portion tests (#377) * take portion test * take portion test native * correct comment * take portion on input test * remove console logs oops * Oz L-09 (#382) * OZ L-09 * Remove .vscode/settings.json from the repository * update periphery to main (#380) * update periphery to main * update periphery after it updated main * update again * update again * add different tests for increasing and add tests for forwarding eth (#379) * add different tests for increasing and add tests for forwarding eth * fix gas snapshot * add more comments * fix gas snapshots * fix gas again * add comments on unpermit tests * OZ N-06 (#383) * OZ N-16 (#388) * ABDK CVF-107 (#385) * spearbit 94 (#389) * ABDK CVF106 (#387) * ABDK CVF106 * fix comment * oz-L13: missing natspec (#390) * Spearbit 59 (#391) * Spearbit 60 & 61 (#392) * OZ N-11 (#393) * update periphery (#394) * update periphery * remove position config * lint * Audit reports (#395) * Periphery update - calldata decoder (#396) * Periphery update - calldata decoder * rename function and snapshots * actually use the function * feat: update to 1.6.1-beta.1 (#398) * Chore/push button deploy (#400) * Update .gitmodules (#337) There is no need to use an account for GitHub. * chore(infra): set up deploy --------- Co-authored-by: Jonney <603073+Jonney@users.noreply.github.com> * chore: fix yarn publish (#401) * chore: fix yarn publish * Update deploy.yml * Update deploy.yml * chore(infra): deploy with npm (#403) * Update deploy.yml * Update deploy.yml * Update package.json * compile contracts in workflow * 2.0.0-beta.1 (#407) * Release workflow needs forge install (#408) * init submodules in release workflow (#409) * gitmodules should use https (#410) * Update v4 initialize (#415) * update periphery * update initialize ABI * temporary position descriptor constructor arg * lint * updated snap * restrict increase, decrease, and burn and v4 initialize pool call (#416) * restrict increase, decrease, and burn * prettier * initialize v4 pool call * prettier * refactor logic into function, plus optimise decode * merge latest periphery * move v3 logic outside of dispatcher * initialize pool tests * sbapshot * larger refactor * pull v4 periphery and revert payments * make checkV4InitializeCall like the others * Call initialize directly * undo v3 refactor * imports * remove unused typescript type * remove unnecessary extra immutable * Bump beta version * Improve coments * Add pool intiialization to some tests --------- Co-authored-by: Alice Henshaw <henshawalice@gmail.com> * deploy script for Base Sepolia (#381) * Update .gitmodules (#337) There is no need to use an account for GitHub. * deploy script for Base Sepolia * updating some deploys for sepolia L2s * include vanity/public RPCs for scripts * Update script/deployParameters/DeployOPSepolia.s.sol Co-authored-by: Alice <34962750+hensha256@users.noreply.github.com> * Update script/deployParameters/DeployUnichainSepolia.s.sol Co-authored-by: Alice <34962750+hensha256@users.noreply.github.com> --------- Co-authored-by: Jonney <603073+Jonney@users.noreply.github.com> Co-authored-by: Alice <34962750+hensha256@users.noreply.github.com> * Latest v4 periphery (#420) * Latest v4 periphery * why didnt the linter catch this * v3 refactor and pull latest periphery (#418) * v3 refactor and pull latest periphery * switch to if else * allow permit2 to silently fail to avoid dos (#417) * allow permit2 to silently fail to avoid dos * fix tests * update periphery (#424) * update periphery not working * fix ur according to periphery update * prettier * fix issue during hardhat tests fixed in version 2.22.14 * change optimizer size * change optimizer runs for manager only * update again * prettier * update periphery again * switch runs to 30000 --------- Co-authored-by: gretzke <daniel@gretzke.de> * move file (#425) * Merge updates into dev (#428) * Update .gitmodules (#337) There is no need to use an account for GitHub. * chore(infra): set up deploy (#397) * chore: yarn publish (#402) * chore: yarn publish * Update deploy.yml * Update deploy.yml * Update deploy.yml * Update deploy.yml * chore: add provenance (#404) * compile contracts in workflow (#405) * feat: deploy worldchain (#411) * fix: update UR address on worldchain (#412) previous accidentally set it to the unsupported protocol * Create CODEOWNERS (#419) --------- Co-authored-by: Jonney <603073+Jonney@users.noreply.github.com> Co-authored-by: mr-uniswap <144828035+mr-uniswap@users.noreply.github.com> Co-authored-by: Emily Williams <emag3m@gmail.com> Co-authored-by: marktoda <toda.mark@gmail.com> Co-authored-by: dianakocsis <diana.kocsis@uniswap.org> --------- Co-authored-by: Daniel Gretzke <daniel@gretzke.de> Co-authored-by: diana <diana.kocsis@uniswap.org> Co-authored-by: saucepoint <98790946+saucepoint@users.noreply.github.com> Co-authored-by: marktoda <toda.mark@gmail.com> Co-authored-by: mr-uniswap <144828035+mr-uniswap@users.noreply.github.com> Co-authored-by: Jonney <603073+Jonney@users.noreply.github.com> Co-authored-by: Emily Williams <emag3m@gmail.com>
dianakocsis
added a commit
that referenced
this pull request
Jan 22, 2025
* Dev into main (#429) * Prepare for v4 work (#346) * update hardhat * remove symlinks by using hardhat-foundry use hardhat-foundry package to use foundry remappings to compile. Symlinks are no longer necessary After upgrade HH412 error was thrown caused by the existing symlinks ref: https://hardhat.org/hardhat-runner/docs/errors#HH412 NomicFoundation/hardhat#3623 * update compiler version to ^0.8.24 supporting the cancun upgrades * fix ci * fix lock file * Update yarn.lock * regenerate gas snapshots * install foundry in ci * Use mainnet permit2 (#347) * solc upgrade to 0.8.26 * use mainnet permit2 work started * fix uniswap tests * Remove block from resetFork * Refactor to fetch fee tiers * remove NFT protocols for V4 router (#348) * first pass * fix forge builds * fix reentrancy test * Add check to receive * remove .only rip * add todo for tests that need wrtiting * update readme and planner --------- Co-authored-by: Alice <34962750+hensha256@users.noreply.github.com> Co-authored-by: Alice Henshaw <henshawalice@gmail.com> * V3 liquidity commands (#355) * import with dif version of OZ * fix remapping issue * duplicate exports and v3 version error * remove else statement and fix format * fix duplicate IERC165 in typechain * permit, decrease, collect, burn commands * all v3 commands separately * add structs * remove mint and increaseLiquidity on v3 * test change * fix yarn.lock * pass foundry tests for now * nit - change name * spelling error * v3pm address not needed * some gas tests * check msg.sender * format * transient storage * unauthorized tests * transient storage * v3 multicall with tests * v3 call + transient storage * no decode * clean up tests * some changes * comment changes * suggestion fixes * regenerate yarn.lock file * revert yarn.lock * some changes * separate migration tests * bignumber to fix test * fix remappings for forge compile * remove command placeholder * remove transient storage * format * use v3 periphery 0.8 instead * fix gas snapshots * v3 position manager addresses * name change * remove v4 in this pr * remove unnecessary stuff * change test names * fix erc721 permit * more tests * name changes, comments, test --------- Co-authored-by: gretzke <daniel@gretzke.de> * Reentrancy guard transient (#354) * Make reentrancy guard transient * locker tests * abstract the locker library away * Updated locker tests * move map, and fix CI * Update lint.yml * update comment * V4 liquidity commands (#359) * v4 periphery git submodule * deploy v4 * prettier * point v4 periphery to main * use solmate/src and deploy v4 * format * update v4-periphery and future proof deployRouter * prettier * update v4-periphery, change remapping, and update deploy test (#361) * update v4-periphery, change remapping, and update deploy test * make immutables public * little fixes * last one * make only migrator immutables public * Make msgSender public (#365) * make maximum input transient (#366) * update v4 periphery to main and update deployRouter (#367) * update v4 periphery to main and update deployRouter * point to updated v4 posm * v4 planner (#368) * v4 planner * some renaming * separate uniswap tests (#369) * separate uniswap tests * Move permit2 tests * final decode in calldata (#363) * batch permit decode in calldata * array of structs * PR comment * V4 posm call (#364) * v4 mint so far * solmate remapping * v4 mint and increase tests * prettier * update v4 periphery to main * some gas tests * remove selector check in v4 posm call * organize some tests * more tests * prettier * more tests * update gas * remove unnecessary import * remove unnecessary encodings * Add v4 routing (#360) * complete setup, everything working * v4 command plus planner * use main v4 branch * update periphery, handle changes * linting * V4 test setup * working pool setup * cleanup of imports * 2 working v4 swap tests * exact out swaps * 2 hop swap tests * update periphery * Update posm with tests (#370) * update tests to correspond with posm * match deploy universal router with alices * update oz for ierc721permit problem * switch back to OZ 4.7.0 * use OZ 5.0.2 to match v4 * remove internal _msgSender() * pr comments * add license * Update periphery in UR (#371) * update to audit commit (#372) * V4 Native Tests (#373) * ETH input v4 tests * eth output v4 tests * PR comments * Add v4 to receive (#376) * add v4 to receive function * linting * PR comments * fix and snapshots * Take portion tests (#377) * take portion test * take portion test native * correct comment * take portion on input test * remove console logs oops * Oz L-09 (#382) * OZ L-09 * Remove .vscode/settings.json from the repository * update periphery to main (#380) * update periphery to main * update periphery after it updated main * update again * update again * add different tests for increasing and add tests for forwarding eth (#379) * add different tests for increasing and add tests for forwarding eth * fix gas snapshot * add more comments * fix gas snapshots * fix gas again * add comments on unpermit tests * OZ N-06 (#383) * OZ N-16 (#388) * ABDK CVF-107 (#385) * spearbit 94 (#389) * ABDK CVF106 (#387) * ABDK CVF106 * fix comment * oz-L13: missing natspec (#390) * Spearbit 59 (#391) * Spearbit 60 & 61 (#392) * OZ N-11 (#393) * update periphery (#394) * update periphery * remove position config * lint * Audit reports (#395) * Periphery update - calldata decoder (#396) * Periphery update - calldata decoder * rename function and snapshots * actually use the function * feat: update to 1.6.1-beta.1 (#398) * Chore/push button deploy (#400) * Update .gitmodules (#337) There is no need to use an account for GitHub. * chore(infra): set up deploy --------- Co-authored-by: Jonney <603073+Jonney@users.noreply.github.com> * chore: fix yarn publish (#401) * chore: fix yarn publish * Update deploy.yml * Update deploy.yml * chore(infra): deploy with npm (#403) * Update deploy.yml * Update deploy.yml * Update package.json * compile contracts in workflow * 2.0.0-beta.1 (#407) * Release workflow needs forge install (#408) * init submodules in release workflow (#409) * gitmodules should use https (#410) * Update v4 initialize (#415) * update periphery * update initialize ABI * temporary position descriptor constructor arg * lint * updated snap * restrict increase, decrease, and burn and v4 initialize pool call (#416) * restrict increase, decrease, and burn * prettier * initialize v4 pool call * prettier * refactor logic into function, plus optimise decode * merge latest periphery * move v3 logic outside of dispatcher * initialize pool tests * sbapshot * larger refactor * pull v4 periphery and revert payments * make checkV4InitializeCall like the others * Call initialize directly * undo v3 refactor * imports * remove unused typescript type * remove unnecessary extra immutable * Bump beta version * Improve coments * Add pool intiialization to some tests --------- Co-authored-by: Alice Henshaw <henshawalice@gmail.com> * deploy script for Base Sepolia (#381) * Update .gitmodules (#337) There is no need to use an account for GitHub. * deploy script for Base Sepolia * updating some deploys for sepolia L2s * include vanity/public RPCs for scripts * Update script/deployParameters/DeployOPSepolia.s.sol Co-authored-by: Alice <34962750+hensha256@users.noreply.github.com> * Update script/deployParameters/DeployUnichainSepolia.s.sol Co-authored-by: Alice <34962750+hensha256@users.noreply.github.com> --------- Co-authored-by: Jonney <603073+Jonney@users.noreply.github.com> Co-authored-by: Alice <34962750+hensha256@users.noreply.github.com> * Latest v4 periphery (#420) * Latest v4 periphery * why didnt the linter catch this * v3 refactor and pull latest periphery (#418) * v3 refactor and pull latest periphery * switch to if else * allow permit2 to silently fail to avoid dos (#417) * allow permit2 to silently fail to avoid dos * fix tests * update periphery (#424) * update periphery not working * fix ur according to periphery update * prettier * fix issue during hardhat tests fixed in version 2.22.14 * change optimizer size * change optimizer runs for manager only * update again * prettier * update periphery again * switch runs to 30000 --------- Co-authored-by: gretzke <daniel@gretzke.de> * move file (#425) * Merge updates into dev (#428) * Update .gitmodules (#337) There is no need to use an account for GitHub. * chore(infra): set up deploy (#397) * chore: yarn publish (#402) * chore: yarn publish * Update deploy.yml * Update deploy.yml * Update deploy.yml * Update deploy.yml * chore: add provenance (#404) * compile contracts in workflow (#405) * feat: deploy worldchain (#411) * fix: update UR address on worldchain (#412) previous accidentally set it to the unsupported protocol * Create CODEOWNERS (#419) --------- Co-authored-by: Jonney <603073+Jonney@users.noreply.github.com> Co-authored-by: mr-uniswap <144828035+mr-uniswap@users.noreply.github.com> Co-authored-by: Emily Williams <emag3m@gmail.com> Co-authored-by: marktoda <toda.mark@gmail.com> Co-authored-by: dianakocsis <diana.kocsis@uniswap.org> --------- Co-authored-by: Daniel Gretzke <daniel@gretzke.de> Co-authored-by: diana <diana.kocsis@uniswap.org> Co-authored-by: saucepoint <98790946+saucepoint@users.noreply.github.com> Co-authored-by: marktoda <toda.mark@gmail.com> Co-authored-by: mr-uniswap <144828035+mr-uniswap@users.noreply.github.com> Co-authored-by: Jonney <603073+Jonney@users.noreply.github.com> Co-authored-by: Emily Williams <emag3m@gmail.com> * worldcoin addresses * Resolved submodule conflict for v4-periphery --------- Co-authored-by: Alice <34962750+hensha256@users.noreply.github.com> Co-authored-by: Daniel Gretzke <daniel@gretzke.de> Co-authored-by: saucepoint <98790946+saucepoint@users.noreply.github.com> Co-authored-by: marktoda <toda.mark@gmail.com> Co-authored-by: mr-uniswap <144828035+mr-uniswap@users.noreply.github.com> Co-authored-by: Jonney <603073+Jonney@users.noreply.github.com> Co-authored-by: Emily Williams <emag3m@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.