Skip to content

feat: use new wrapper from upstream #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Sep 30, 2025
Merged

feat: use new wrapper from upstream #3

merged 8 commits into from
Sep 30, 2025

Conversation

@kaze-cow
Copy link
Collaborator

@kaze-cow kaze-cow commented Sep 29, 2025

the generic wrappers implementation has changed upstream. Modifications to use this new pattern.

@kaze-cow kaze-cow requested a review from a team September 29, 2025 08:40
@kaze-cow kaze-cow self-assigned this Sep 29, 2025
fedgiac
fedgiac reviewed Sep 29, 2025
View reviewed changes
soljson-latest.js
Copy link
Contributor

@fedgiac fedgiac Sep 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's this binary blob about?

Copy link
Collaborator Author

@kaze-cow kaze-cow Sep 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it comes from my editor :/ it gets automatically added to all my projects. but yes it shouldnt be here

@kaze-cow
Revert "forge fmt"
217af04 
This reverts commit e56eac3.
@kaze-cow kaze-cow mentioned this pull request Sep 29, 2025
Merged
fedgiac
fedgiac reviewed Sep 29, 2025
View reviewed changes
src/CowEvcWrapper.sol
GPv2Interaction.Data[][3] calldata interactions
) external payable {
if (msg.sender != address(EVC)) {
revert Unauthorized(msg.sender);
Copy link
Contributor

@fedgiac fedgiac Sep 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The assumption here is that the EVC is fully trusted to forward this call without changing the parameters. Is this true?
In general I'd expect that the code checks that the settlement data used in evcInternalSettle matches the one that _wrap wants to forward to it (and also that it's called exactly once).
With the current code, the EVC contract can execute any settlement it wants once wrappedSettle is called.

@kaze-cow
use a settle state instead of original sender
4f6c81e 
best way to ensure the expected flow is followed exactly
@kaze-cow kaze-cow marked this pull request as ready for review September 30, 2025 08:00
@kaze-cow kaze-cow merged commit 2d7989b into feat/security Sep 30, 2025
2 of 4 checks passed
@claude claude bot mentioned this pull request Oct 23, 2025
Closed
This was referenced Oct 31, 2025
Open
Open
This was referenced Nov 8, 2025
Draft
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fedgiac fedgiac fedgiac left review comments

Assignees

@kaze-cow kaze-cow

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kaze-cow @fedgiac