From 3fb17c71da192463b0c6b15dea9a2bae47832ef5 Mon Sep 17 00:00:00 2001 From: TAMARA LIPOWSKI Date: Thu, 24 Apr 2025 16:57:08 -0400 Subject: [PATCH] fix: Remove tload from executor - Store the executor address when deploying instead. - We would like to keep all instances of tload and tstore within the callback mechanism of our main TychoRouter contract for security reasons and to prevent any unexpected behaviour - This way it's easy to reason that UniswapV4Executor will only ever execute a delegatecall to itself. Before it could in theory execute a delegatecall to any address. One had to look at all occurences of tstore(0, x) to ensure the address was constrained. --- foundry/src/executors/UniswapV4Executor.sol | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/foundry/src/executors/UniswapV4Executor.sol b/foundry/src/executors/UniswapV4Executor.sol index aa9cfe7..790b3c1 100644 --- a/foundry/src/executors/UniswapV4Executor.sol +++ b/foundry/src/executors/UniswapV4Executor.sol @@ -44,6 +44,7 @@ contract UniswapV4Executor is using TransientStateLibrary for IPoolManager; IPoolManager public immutable poolManager; + address private immutable _self; struct UniswapV4Pool { address intermediaryToken; @@ -55,6 +56,7 @@ contract UniswapV4Executor is TokenTransfer(_permit2) { poolManager = _poolManager; + _self = address(this); } /** @@ -204,18 +206,9 @@ contract UniswapV4Executor is internal returns (bytes memory) { - address executor; - // slither-disable-next-line assembly - assembly { - executor := tload(0) - } - - if (executor == address(0)) { - executor = address(this); - } // here we expect to call either `swapExactInputSingle` or `swapExactInput`. See `swap` to see how we encode the selector and the calldata // slither-disable-next-line low-level-calls - (bool success, bytes memory returnData) = executor.delegatecall(data); + (bool success, bytes memory returnData) = _self.delegatecall(data); if (!success) { revert( string(