## [H-01] zeroswap/UniswapV2Library.sol Wrong init code hash in UniswapV2Library.pairFor() will break UniswapV2Oracle, UniswapV2Router02, SushiRoll #158
Labels: 2 (Med Risk), bug, downgraded by judge, duplicate-206, satisfactory
Lines of code
https://github.com/code-423n4/2023-01-numoen/blob/2ad9a73d793ea23a25a381faadc86ae0c8cb5913/src/periphery/UniswapV2/libraries/UniswapV2Library.sol#L17-L33
Vulnerability details
Impact
The init code hash in UniswapV2Library.pairFor() should be updated since the code of UniswapV2Pair has been changed. Otherwise, the calculated pair address will be wrong, most likely a non-existent address.
Many other functions and contracts across the codebase, including UniswapV2Oracle, UniswapV2Router02, and SushiRoll, rely on UniswapV2Library.pairFor() for the address of the pair. With UniswapV2Library.pairFor() returning a wrong and non-existent address, these functions and contracts will malfunction.
Proof of Concept
https://github.com/code-423n4/2023-01-numoen/blob/2ad9a73d793ea23a25a381faadc86ae0c8cb5913/src/periphery/UniswapV2/libraries/UniswapV2Library.sol#L17-L33
Tools Used
Manual Review
Recommended Mitigation Steps
Update the init code hash from hex'e18a34eb0e04b04f7a0ac29a6e80748dca96319b42c54d679cb821dca90c6303' to the value of UniswapV2Factory.pairCodeHash().
https://github.com/SwipeWallet/swipe-swap/blob/4e6e07d113a4a7b629f6d37afcc0f4075eadb3f9/contracts/uniswapv2/UniswapV2Factory.sol#L26-L28