Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: uni v3 adapter multi-hop whitelist skip #307

Closed
gabririgo opened this issue Aug 31, 2023 · 0 comments
Closed

Bug: uni v3 adapter multi-hop whitelist skip #307

gabririgo opened this issue Aug 31, 2023 · 0 comments
Labels
bug Something isn't working

Comments

@gabririgo
Copy link
Contributor

When a user uses a multihop route that involves a non-whitelisted token as the first route tokenOut, the transaction is reverted. This should not happen. Even if this involves routing through potentially rogue tokens, it entails a sophisticated attack by a rogue operator.

In the opposite case, a rogue trader could route through a whitelisted-tokenOut-pair first, to then purchase a non-whitelisted token. This defies the scope of the token whitelist, so we either fix it or we remove the token whitelist entirely. At that point, we should keep track of owned tokens in an indexed mapping.

The affected code part can be found here
@gabririgo gabririgo added the bug Something isn't working label Aug 31, 2023
This was referenced Sep 1, 2023
Open
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gabririgo