From ed44f4e993f3856dbeb14cae04acffec72c25524 Mon Sep 17 00:00:00 2001
From: Diana Carvalho
Date: Fri, 24 Jan 2025 16:43:22 +0000
Subject: [PATCH] fix: Add input validation size in Uniswapv2SwapExecutor
--- don't change below this line ---
ENG-4033 Took 12 minutes
---
 foundry/src/executors/Uniswapv2SwapExecutor.sol | 5 +++++
 foundry/test/executors/UniswapV2SwapExecutor.t.sol | 10 ++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/foundry/src/executors/Uniswapv2SwapExecutor.sol b/foundry/src/executors/Uniswapv2SwapExecutor.sol
index a6f8517..c54e726 100644
--- a/foundry/src/executors/Uniswapv2SwapExecutor.sol
+++ b/foundry/src/executors/Uniswapv2SwapExecutor.sol
@@ -5,6 +5,8 @@ import "@uniswap-v2/contracts/interfaces/IUniswapV2Pair.sol";
 import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
 import {ISwapExecutor} from "../interfaces/ISwapExecutor.sol";

+error UniswapV2Executor__InvalidDataLength();
+
 contract UniswapV2SwapExecutor is ISwapExecutor {
 using SafeERC20 for IERC20;

@@ -39,6 +41,9 @@ contract UniswapV2SwapExecutor is ISwapExecutor {
 bool zeroForOne
 )
 {
+ if (data.length != 61) {
+ revert UniswapV2Executor__InvalidDataLength();
+ }
 inToken = IERC20(address(bytes20(data[0:20])));
 target = address(bytes20(data[20:40]));
 receiver = address(bytes20(data[40:60]));
diff --git a/foundry/test/executors/UniswapV2SwapExecutor.t.sol b/foundry/test/executors/UniswapV2SwapExecutor.t.sol
index 88f99ea..c2011f1 100644
--- a/foundry/test/executors/UniswapV2SwapExecutor.t.sol
+++ b/foundry/test/executors/UniswapV2SwapExecutor.t.sol
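Review bot: The new `data.length != 61` guard in the second hunk of Uniswapv2SwapExecutor.sol fixes the size of the payload but not its contents: `target` is still taken verbatim from `data[20:40]` and `receiver` from `data[40:60]`, so a correctly sized blob can name any address as the pool. Whether the swap path checks `target` against the expected Uniswap V2 factory is outside this hunk and should be confirmed before the input is treated as validated. The literal `61` also hides the packed layout; a comment on the check such as `// 3 packed addresses (20 bytes each) + 1 byte, presumably the zeroForOne flag`, or a named constant, would keep the guard and the slice offsets in step if the encoding changes. The decoding function's signature and the line that reads the final byte are outside the hunk.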
@@ -59,6 +59,14 @@ contract UniswapV2SwapExecutorTest is
 assertEq(zeroForOne, false);
 }

+ function testDecodeParamsInvalidDataLength() public {
+ bytes memory invalidParams =
+ abi.encodePacked(WETH_ADDR, address(2), address(3));
+
+ vm.expectRevert(UniswapV2Executor__InvalidDataLength.selector);
+ uniswapV2Exposed.decodeParams(invalidParams);
+ }
+
 function testAmountOut() public view {
 uint256 amountOut =
 uniswapV2Exposed.getAmountOut(WETH_DAI_POOL, 10 ** 18, false);
@@ -84,10 +92,8 @@ contract UniswapV2SwapExecutorTest is
 bytes memory protocolData =
 abi.encodePacked(WETH_ADDR, WETH_DAI_POOL, BOB, zeroForOne);

- vm.startPrank(ADMIN);
 deal(WETH_ADDR, address(uniswapV2Exposed), amountIn);
 uniswapV2Exposed.swap(amountIn, protocolData);
- vm.stopPrank();

 uint256 finalBalance = DAI.balanceOf(BOB);
 assertGe(finalBalance, amountOut);
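Review bot: `testDecodeParamsInvalidDataLength` only exercises a payload that is too short (three packed addresses, 60 bytes), while the guard it covers uses `!=` and therefore also rejects over-long input. A second case with one trailing extra byte, for example `abi.encodePacked(WETH_ADDR, address(2), address(3), false, uint8(0))`, would pin the upper bound and catch a later relaxation of the check to `<`. An empty `bytes` input is a cheap third case for the same revert.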