chore: Misc improvements:

- Don't use payable(receiver).transfer(amount) and use OpenZeppelin's Address.sendValue instead - In Univ4Executor send funds to the poolManager and not msg.sender - In OneTransferFromOnly: - rename method name - don't pass the sender but hardcode it to caller() (msg.sender) - Move marking the transfer as done up (before we actually transfer) to prevent reentrancy attacks Took 18 minutes
2025-05-16 10:49:49 +01:00
parent 99d5df4f77
commit fcd85c047f
6 changed files with 23 additions and 29 deletions
--- a/foundry/src/executors/EkuboExecutor.sol
+++ b/foundry/src/executors/EkuboExecutor.sol
@@ -12,6 +12,7 @@ import {LibBytes} from "@solady/utils/LibBytes.sol";
 import {Config, EkuboPoolKey} from "@ekubo/types/poolKey.sol";
 import {MAX_SQRT_RATIO, MIN_SQRT_RATIO} from "@ekubo/types/sqrtRatio.sol";
 import "../OneTransferFromOnly.sol";
+import "@openzeppelin/contracts/utils/Address.sol";

 contract EkuboExecutor is
    IExecutor,
@@ -204,11 +205,7 @@ contract EkuboExecutor is
        if (transferFromNeeded) {
            _transfer(msg.sender);
        } else if (transferNeeded) {
-            if (token == address(0)) {
-                payable(msg.sender).transfer(amount);
-            } else {
-                IERC20(token).safeTransfer(msg.sender, amount);
-            }
+            IERC20(token).safeTransfer(msg.sender, amount);
        }
    }

--- a/foundry/src/executors/MaverickV2Executor.sol
+++ b/foundry/src/executors/MaverickV2Executor.sol
@@ -3,6 +3,7 @@ pragma solidity ^0.8.26;

 import "@interfaces/IExecutor.sol";
 import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
+import "@openzeppelin/contracts/utils/Address.sol";

 error MaverickV2Executor__InvalidDataLength();
 error MaverickV2Executor__InvalidTarget();
@@ -48,8 +49,7 @@ contract MaverickV2Executor is IExecutor {

        if (transferNeeded) {
            if (address(tokenIn) == address(0)) {
-                // slither-disable-next-line arbitrary-send-eth
-                payable(target).transfer(givenAmount);
+                Address.sendValue(payable(target), givenAmount);
            } else {
                // slither-disable-next-line arbitrary-send-erc20
                tokenIn.safeTransfer(target, givenAmount);
--- a/foundry/src/executors/UniswapV3Executor.sol
+++ b/foundry/src/executors/UniswapV3Executor.sol
@@ -6,6 +6,7 @@ import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
 import "@uniswap/v3-core/contracts/interfaces/IUniswapV3Pool.sol";
 import "@interfaces/ICallback.sol";
 import {OneTransferFromOnly} from "../OneTransferFromOnly.sol";
+import "@openzeppelin/contracts/utils/Address.sol";

 error UniswapV3Executor__InvalidDataLength();
 error UniswapV3Executor__InvalidFactory();
@@ -111,7 +112,7 @@ contract UniswapV3Executor is IExecutor, ICallback, OneTransferFromOnly {
            _transfer(msg.sender);
        } else if (transferNeeded) {
            if (tokenIn == address(0)) {
-                payable(msg.sender).transfer(amountOwed);
+                Address.sendValue(payable(msg.sender), amountOwed);
            } else {
                IERC20(tokenIn).safeTransfer(msg.sender, amountOwed);
            }
@@ -169,7 +170,7 @@ contract UniswapV3Executor is IExecutor, ICallback, OneTransferFromOnly {
        uint24 fee,
        bool transferFromNeeded,
        bool transferNeeded
-    ) internal view returns (bytes memory) {
+    ) internal pure returns (bytes memory) {
        return abi.encodePacked(
            tokenIn, tokenOut, fee, transferFromNeeded, transferNeeded
        );
--- a/foundry/src/executors/UniswapV4Executor.sol
+++ b/foundry/src/executors/UniswapV4Executor.sol
@@ -23,6 +23,7 @@ import {SafeCast} from "@uniswap/v4-core/src/libraries/SafeCast.sol";
 import {TransientStateLibrary} from
    "@uniswap/v4-core/src/libraries/TransientStateLibrary.sol";
 import "../OneTransferFromOnly.sol";
+import "@openzeppelin/contracts/utils/Address.sol";

 error UniswapV4Executor__InvalidDataLength();
 error UniswapV4Executor__NotPoolManager();
@@ -410,14 +411,14 @@ contract UniswapV4Executor is
        } else {
            if (transferFromNeeded) {
                // transferFrom swapper's wallet into the core contract
-                _transfer(msg.sender);
+                _transfer(address(poolManager));
            } else if (transferNeeded) {
                address tokenIn = Currency.unwrap(currency);
                // transfer from router contract into the core contract
                if (tokenIn == address(0)) {
-                    payable(msg.sender).transfer(amount);
+                    Address.sendValue(payable(address(poolManager)), amount);
                } else {
-                    IERC20(tokenIn).safeTransfer(msg.sender, amount);
+                    IERC20(tokenIn).safeTransfer(address(poolManager), amount);
                }
            }
            // slither-disable-next-line unused-return