Liquidity.Party/tycho-execution
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: Add security check for callback selector

Browse Source 
- Do not allow any callback to be chosen, for security and clarity purposes
This commit is contained in:
TAMARA LIPOWSKI
2025-04-25 11:02:12 -04:00
parent 3fb17c71da
commit 4de1d10406
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
foundry/src/executors/UniswapV4Executor.sol
View File

@@ -26,6 +26,7 @@ import {TransientStateLibrary} from
error UniswapV4Executor__InvalidDataLength();
error UniswapV4Executor__NotPoolManager();
error UniswapV4Executor__UnknownCallback(bytes4 selector);
error UniswapV4Executor__DeltaNotPositive(Currency currency);
error UniswapV4Executor__DeltaNotNegative(Currency currency);
error UniswapV4Executor__V4TooMuchRequested(
@@ -46,6 +47,9 @@ contract UniswapV4Executor is
IPoolManager public immutable poolManager;
address private immutable _self;
bytes4 constant SWAP_EXACT_INPUT_SINGLE_SELECTOR = 0x8bc6d0d7;
bytes4 constant SWAP_EXACT_INPUT_SELECTOR = 0xaf90aeb1;
struct UniswapV4Pool {
address intermediaryToken;
uint24 fee;
@@ -206,6 +210,14 @@ contract UniswapV4Executor is
internal
returns (bytes memory)
{
bytes4 selector = bytes4(data[:4]);
if (
selector != SWAP_EXACT_INPUT_SELECTOR
&& selector != SWAP_EXACT_INPUT_SINGLE_SELECTOR
) {
revert UniswapV4Executor__UnknownCallback(selector);
}
// here we expect to call either `swapExactInputSingle` or `swapExactInput`. See `swap` to see how we encode the selector and the calldata
// slither-disable-next-line low-level-calls
(bool success, bytes memory returnData) = _self.delegatecall(data);